Comments

Thank you for writing candidly and accessibly, on the many diverse
topics you weigh in on, and collecting it all here.

@Bruce and Moderator(s)

Thank you for hosting and administering this blog the way that you do,
with such an open, accessible comment section (no javascript
requirement, no captchas, extremely light-touch moderation, weekly
catch-all thread, etc), thereby enabling the fascinating community of
voices/listeners gathering here.

@Everyone

Thank you for your principled, continued commitment to the free
exchange of ideas, as demonstrated by contributing constructively,
critically, and entertainingly to this venue.

First off, to all the readers in the Northern Hemisphere, have a happy winter festival, wrap up well and if not living it up large, enjoy the rest. For those in the southern hemisphere, enjoy your summer festival, and it you can send some nice weather "hup narf" I'm sure there are many who would appreciate it.

Secondly remember 2016 is not just a normal leap year, it's also getting a "Leap Second" so remember to start your New Year count doen at eleven ;-)

As is traditional many news outlets are having a round up of the years events. Almost certainly one will be the Internet Fake News stories such as pope on a rope blessings on Mr Trumpeting. As some of you know there are 'Debunking' sites like Snopes, who have had a raised profile because of the fake stories.

Well it would appear that what is one of the largest English Language OnLine news sites "The Mail Online" appart from it's usuall clickbait, questionable content, flashing the flesh and amongst other faux news health scare / medical wonder stories has decided to start protecting it's market share. Thus has started going after the faux news debunkers, which has been picked up by one of it's rivals "The Guardian"... Make of it what you will,

Whilst it is good that "fake" news is being dealt with, the problem is "who" is checking, and "how" it is carried out.

In the rush to suddenly deal with the "problem", we could actually be helping perpetuate propaganda and censorship, which is surely the opposite effect to that desired? I think it could be detrimental.

http://www.zerohedge.com/news/2016-12-23/dave-collums-2016-year-review-and-then-things-got-really-wierd
...
Yellen noted that the “best policy now is greater gradualism.” Bloomberg announced that “Federal Reserve officials signaled a slower pace of rate increases.” One 25-basis point hike in 10 years—2.5 basis points per year—and they need greater gradualism? These guys are the Ents in Lord of the Rings. They hear the Ghost of Christmas Past (1938), when the Fed popped an equity bubble it created owing to seriously dubious attempts to pull us from the Great Depression2 and scrooged the economy. The countdown-clock LEDs are flashing, and these folks won’t know whether to cut the red wire or blue wire. “Not a problem: we’ll just wait for more data.”

http://www.zerohedge.com/news/2016-12-23/how-us-government-destroys-lives-patriotic-whistleblowers
...https://www.theguardian.com/us-news/2016/may/22/how-pentagon-punished-nsa-whistleblowers
...
Since its inception, the NSA had been strictly forbidden from eavesdropping on domestic communications. Drake’s investigation persuaded him that the NSA was now violating this restriction by collecting information on communications within as well as outside of the United States. And it was doing so without obtaining legally required court orders.
Drake’s descent into a nightmare of persecution at the hands of his own government began innocently. Having uncovered evidence of apparently illegal behaviour, he did what his military training and US whistleblower law instructed: he reported the information up the chain of command. Beginning in early 2002, he shared his concerns first with a small number of high-ranking NSA officials, then with the appropriate members of Congress and staff at the oversight committees of the US Senate and House of Representatives.
Drake spent countless hours in these sessions but eventually came to the conclusion that no one in a position of authority wanted to hear what he was saying. When he told his boss, Baginski, that the NSA’s expanded surveillance following 9/11 seemed legally dubious, she reportedly told him to drop the issue: the White House had ruled otherwise.
John Crane first heard about Thomas Drake when Crane and his colleagues at the Pentagon’s Office of the Inspector General received a whistleblower complaint in September 2002. The complaint alleged that the NSA was backing an approach to electronic surveillance that was both financially and constitutionally irresponsible. The complaint was signed by three former NSA officials, William Binney, Kirk Wiebe and Edward Loomis, and a former senior Congressional staffer, Diane Roark. Drake also endorsed the complaint – but because he, unlike the other four, had not yet retired from government service, he asked that his name be kept anonymous, even in a document that was supposed to be treated confidentially within the government.
Binney, Wiebe, Loomis and Roark shared Drake’s concerns about the constitutional implications of warrantless mass surveillance, but their complaint focused on two other issues.
The first was financial. The whistleblowers contended that the NSA’s surveillance programme, codenamed Trailblazer, was a shameful waste of $3.8 billion – it had been more effective at channelling taxpayer dollars to corporate contractors than at protecting the homeland.
Of course it was.

I don't always agree with Bruce, but I hope he continues to navigate via his internal compass. And why would he quit IBM when he has no beef with it?

@Clive Robinson

Snopes is not a reliable means of determining fake news as JG4 said. And the Guardian, a/k/a the British Pravda, is not a rival of the Daily Mail, as they reside on completely opposite sides of the political spectrum.

Daily Caller: "Snopes, Which Will Be Fact-Checking For Facebook, Employs Leftists Almost Exclusively"

And speaking of fake news, even the Washington Post agrees that Naked Capitalism is a major source for it. Naked Capitalism unleashed its shyster, but WaPo is holding its ground, which is amusing given that both are left-wing organizations.

Banish to Hell any news that has any of the following characteristics:

1. No named sources (sources include the author).
2. Named sources who cannot be questioned.
3. Named sources who are known to be untrustworthy, i.e., liars.
4. Named sources who are being paid by entities with vested interests in the subject at hand.

This will eliminate an awful lot of chaff, and at least reduce your reading time dramatically.

AICPA’s ASEC issued two exposure drafts designed to provide frameworks for evaluating a company’s cyber risk management program. These drafts were issued on September 15 with comments requested by December 5. The first exposure draft provides a set of criteria that management can use to describe a company’s cyber risk management program, and against which a public accounting firm could report on management’s description. The second exposure draft provides a framework for attestation services that can be used to evaluate the controls within a company’s cyber risk management program, or SOC2 engagement. [1]

Such assurances could allow boards, shareholders, customers, counter-parties, and regulators to evaluate a company’s cybersecurity and resiliency, advised the Treasury's Deputy Secretary in a speech made to the Public Company Accounting Oversight Board International Institute on Audit Regulation on December 14. [2]

“…certainly one will be the Internet Fake News stories such as pope on a rope blessings on Mr Trumpeting. As some of you know there are 'Debunking' sites like Snopes, who have had a raised profile because of the fake stories.”

Some people are in agreement with you on the Snoops issue. They point to the fact Jasper Jackson can be politically biased. Oddly, he is somewhat left of center but can go extremely left of center to the point he is ridiculous. On non-political issues he is hit and miss with his forum.

I gave up reading his site over five years ago. His “snooping” is of average to low quality.

I'm a Windows 8 user now interested in security and privacy. I read this blog and wonder, "Ok... so it's time to move to Open BSD, or Red Hat, or some other OS which is (or can be configured to be) reasonably secure against government passive surveillance and the 'better-than-average' internet threat."

But what processor to use? Aren't Intel and AMD now suspect for the sake of potential misuse of out of band remote access technology baked into the chip? Do I really have to source a Solaris box or be an alpha tester of some home-brewed fabrication plant yet to be built in the mountains of a third-world country?

Thoughts?

Come to think of it, there is a need for a guide to implementing reasonably good OPSEC and security practices for the everyday computer-literate user. So much chaff to sift, so much assumption about threat capabilities which makes prudent security choices difficult.

You need to obtain hardware that the software can be installed on since it's no point getting a hardware but be stuck on trying to get the OS and software stack up and running.

Do be careful of a bunch of security applications and setups that are only half baked at best despite all the fanciful sounding names and all that.

So you want to get a ARM Cortex A7/8 board running a nice and cool microkernel with wonderful stuff on it and also do ARM TrustZone security ? Well, most of those are half-baked. Off the list for now.

How about some ARM Cortex A7/8 via Cubieboard, Beaglebone ..etc.. to do ARM board + OpenBSD ? Well ... that sounds good but those boards are experimental and developmental stuff that may or may not work. Bang for the bucks ? Nope. Stability ? Neither. Off the list for now.

Instead of impractical stuff like some exotic chips or weird installation and setup, maybe Intel that does not have the vPro/AMT technology (the stuff that is the fabled backdoor portion) ? Well, that's possible. There are Intel processors that are sold without the so-called vPro/AMT (backdoor technology) and there are ways to install OpenBSD do these chips. I recently stumbled upon asome blogs on installing OpenBSD on Intel NUC devices (specifically the older Intel® NUC Kit NUC5i3RYK that runs the Intel® Core™ i3-5010U Processor processor that does not contain the vPro/AMT backdoor it seems).

Do note that the Puri.sm project (Librem laptop project) also uses this method of avoiding Intel chips with vPro technology to build their Librem laptops.

It seems the best option for now in my opinion would be these mini PCs in the stated specification and model to run an OpenBSD instance.

You might also want to purchase the Librem 13 or 15 laptops (I would recommend Librem 13) as a main stay laptop and then install OpenBSD on it if you are willing to spend more cash on it otherwise the Intel NUC NUC5i3RYK with OpenBSD (installation instructions linked below) are a more cost effective price wise.

If you have security critical applications (i.e. PGP email, FIDO authentication, file encryption ...) you should use a programmable smart card to handle the security critical stuff while the OpenBSD computer handle the less critical stuff. The OpenBSD computer only increases your assurance a notch while using smart card to do security critical stuff adds another layer of assurance (using a multi-layered assurance approach).

So much chaff to sift, so much assumption about threat capabilities which makes prudent security choices difficult.

Security is as much a state of mind as it is a physical or informational reality, and the weak link will in most cases be yourself when you are tired, busy, annoyed ot in some way not a calm exact follower of checklisted actions.

The first important thing to realise is that the computing stack is very deep, from quantum physics all the way through economics, politics and even philosophy. Thus no individual can hope to master all those levels in bredth or depth.

Thus the two sensible thoughts are segregation and mitigation. That is get the parts you wish to remaine private / secure and issolate them from the general stack and mitigate areas you can not segregate.

Whilst computers are fairly efficient and fast at communication they are almost impossible to secure against even script kiddy levels of attack, if they are ever connected to a communications network without very significant mittigation.

Thus your first thoughts should be on how to build an issolated system and keep it issolated indefinitely.

One such way is a very cheap older netbook and a safe and small printer / scanner that can all be kept locked in a safe when not in use. Where secrecy is important, you need to think about not using plaintext on any computer, and this is where the knowledge of how to make and keep secure paper and pencil based "One Time" ciphers and codes can be of use.

Likewise other traditional "field craft" is actually far more important to computer OpSec than many people realise and it is not knowing these basic things that can give rise to tiny "openings" in your security features, an opponet can drive a wedge into to make a full break.

Personaly I would look at nearly all computer security applications etc, not as real security but simple obfuscation techniques used more to slow down and annoy an opponent rather than stop them.

It's knowing how to do the serious OpSec mitigations that is what you realy need to understand in depth, if you want to survive an actual hostile attacker rather than am oportunist crook.

The first important thing to realise is that the computing stack is very deep...

Oh, make no mistake! It's not only deep. It's also wide and long! It's the reason when I hear "defense in depth" I smile. That's so yesterday... We need defense in depth, width, and height! Who knows what other dimensions we'll need later on...

Excellent! Defense before and after t=0 is needed. The former is proactive; the latter is reactive. Both need to be well thought out. What would you call defense at t=0, or is that already implied somewhere? :)

@Spiritual News: The Friday squid post is intended for discussion of security stories in the news, not for drive-by political rants that have nothing to do with security. I have therefore deleted your comment. I welcome you to visit another day, should you wish to discuss the subjects covered by this blog.

Part of the NSA "store everything" is to build an information based "Internet Time Machine". Thus they can go back and look for correlations etc, that were not known at the time. This also alows for a "Presentational Advantage" where a prosecutor can make a jury see links between people etc that are in effect faux, because the much vaunted "Collect it all" had failed to pick up on it at the time.

But as for a real "Defence in Time" it's actually already been done via the Internet Archive...

In the UK there was a Met Police Operation (Ore) that for various reasond caused way more harm than it did good.

A part of the problem was that questionable or false evidence came from the FBI. Specifically they changed the HTML etc of a page from a porn gateway to make Kiddy porn very prominent. Where as in the original page it was hidden away at the bottom of a long page where few would have seen it... The Met Police just submitted the faked up FBI image to the prosecution. At no point did the UK authorities make any attempt what so ever to verify the faked FBI evidence...

The reality of this is the only way you can protect yourself is to build your own Personal Internet Time Archive (PITA). Unfortunately like all technology it is agnostic to it's use, thus if it fell into investigators hands it could be quite dangerous...

I've just been using a great small encryption program, recommended by a friend over the Christmas holiday, produced by Jetico: a company Bruce has previously spoken highly of.

BCArchive is freeware and just over 4 MB in size. The configuration options are extensive and it supports both symmetric and asymmetric encryption along with customizable hash, key algorithm and iterations. It also has an integrated text encoder and PKI generator. For such a powerful program it's extremely lightweight and has shell integration.

Oh my, I think I got a little too drunk on tea. Was wanting to write 2016 and ended up writing 2017. Oh well ... I guess I actually travelled through time a little and came back. All fun and good :).

The icons and images gives a sense of the current trend in security (as you can see from all the product images) and also shows our current "progress" in security. The old stuff is still staying and aging very quickly while we are still unable to adapt to future security needs.

No intelligent contributions to offer, but a most sincere merry (*) to all, and an extra measure of merriment to the stalwart regulars here - those diurnal wellsprings of insight ornamenting cyberspace year'round. Many appreciate it.

Phones are also at risk of malware attacks that compromise the secrecy of one-time passwords.

And this key isn't vulnerable to interception by malware? What other weaknesses does it expose in addition to the hardening it brings? Is the key bound to the platform or is it just a "token" claiming to be 2FA? Why use this key when there is a robust industry standard available and already implemented on most devices (TCG)?

Fascinating article! I like the part about the stranded chip designers and the centuries it would take them to build a chip. I often thought about similar situations in the event of "loss of technology" (with knowledge preserved.)

Yes, I left the tea for a little too long. You know the Chinese style of brewing tea in a tiny teapot with 10 steepings ? It is said to induce tea drunkness more effectively than a single or double steeping.

Golden melon pu'erh. Don't have the spare cash to buy something so expensive that's why I had to resort to drawing you guys a X'mas card by hand instead of sending actual gifts. Anyone have some of those golden melon pu'erh can send it to me :) . I have always wanted to taste one of those delicacies.

Effectively U2F is simply a protocol (a.k.a. Public Key authentication variant siilar to TLS certs). It does not care how you store your keys in a smart card or a USB dongle, embedded Secure Element, TPM, TEE or whatever. Those are the storage layer and the U2F vaguely have much documents on that area. All the U2F cares about is how you encrypt and send the message.

There have been use cases where TPM, TEE and Secure Element/Smart Card/Dongles are used as the physical medium for tamper resistant storage and crypto operations. In fact, Intel chips with Identity Protection Technology enabled (usually also with the Intel ME backdoor inside) comes with FIDO U2F capabilities if the code cutter signs an NDA and spend some cash with Intel to use the Intel IPT specs.

Here's a quick tutorial linked below on FIDO U2F and UAF protocol. Due to USB security dongles and TEEs being the most hyped and hot selling things in the market, most of the documents and samples goes to TEE and Smart card chip equipped USB dongles due to their popularity.

Note that the Android with a lock in the Xmas card I drew reference to the TEE environments (QSEE & KNOX) and the whole bunch of USB dongles with security chips embedded. These are the growing hype in the market currently.

Thoth
--Sounds like Wael's tea you been drinking. :p Was the message at the beginning of file? If so, bleh make something funnier :p.

Well there's something else for Xmas too, the data diode works, just to verify for everyone. So far I'm using Realterm on Windows PC's (I want 1-way off windows pc's and onto windows pc's b/c I do a lot of development on them). I'm not sure what protocol it's being sent on Realterm. Not the most user friendly, but is pretty easy. The capture file feature is not working for me for some reason, only displaying contents of files to terminal (not sure buffer limit). I've tried .txt files, .c files, and .ino files (lol). All worked, you have to copy and paste the text from terminal window on receiver to a file, that's the biggest flaw so far (and I installed drivers too, but the actual transfer pc's can have malware, so long as they deal w/ pre-encrypted files only).

So basic protocol would be (million ways to skin a cat), you have a linux or bsd pc, having base64 and openssl or gpg is nice. You could base64 a text file or any kind of file, then encrypt that w/ openssl aes256, long key etc., then base64 that and pipe it to a .txt file. Save that to a usb stick or smart card/sd card, whatever. Spin your chair or walk it over sneakernet to the transmitting pc (windows pc for me w/ Realterm). If you want to destroy that memory card after 1 use or whatever, up to you. Set up the port, make sure same baudrate, I've experienced no errors so far (when properly soldered). You can send that as an email attachment. If you do gnupg or pgp, put the key in that, save the output again to .txt file (easiest) and get it to transfer pc via some memory stick.

Don't even need to hit "capture" file on receiver, just find the files you want to send over, send one at a time, contents of text file are now on terminal window of RX. Put that in another file, email it.

Tea again... Three stories: My Chinese officemate always washed his green tea with boiling water before he steeped it. When I asked him about the reason, he said to get rid of mercury.

Many, many years ago, my Mauritanian classmate invited me for a cup of tea. He made the strongest tea I ever tried. He had a kettle with loose tea leaves. He rarely got rid of the used tealeaves; he just added fresh ones on top of them. And the amount of water he put in the kettle was tiny, he let it boil for a long time. He gave me a cup of tea that barely had five table spoons of tea. Man was it strong! Stronger than a quad shot Ristretto Espresso (and I have these once in a while.) I haven't been able to sleep normally since that day ;)

Golden melon pu'erh

On my way back from China, I stopped by the duty free shop to buy something "cheap". I looked at one of the tea packages. The clerk told me this is expensive. How expensive? $200 for less than quarter a pound. No thanks, I passed... Not sure what kind of tea it was. It wasn't for me, that's for sure.

Here's a quick tutorial linked below on FIDO U2F

I'm more than familiar with FIDO (I read the specifications from the early days,) and I personally don't care much for it. I also prefer to leave it at that for undisclosed reasons, so I will not tell you why ;)

Re: data Diodes: The unidirectional path in your design must only apply to data and not to control signals. Otherwise you are very limited in the protocols you can use. Additionally, you may need to consider possible information leakages through the reverse direction control rails?

Sneakernet would usually be reserved for key management for my case but is a good idea to try them on emails.

@Wael

The rinsing of tea leaves can either be for washing the leaves or to soak and pre-heat the some very tightly bundled leaves up to prepare for a brew.

The method of not removing tea leaves and using very little water is a Teochew (ne of the many subgroups of Chinese dialects) style of brewing that have become famous world wide. Once reserved for farmers and for the brewing of lower grade "hard and bitter" teas (associated with low grade leaves) have now taken a life of it's own as a sort of norm in tea cultures worldwide. Highly concentrated teas made in such a manner has it's uses of bringing out layers of nuances in the tea.

Expensive teas are considered "gold" thus the high tea prices. Remember the good old Opium War (Qing dynasty in China) ? One of the reason was due to the high demands and prices for tea.

Wow, thank you so much! Stupid me never though much about tea as a weapon, but now, thanks to you and that expert I'm beginning to be frightened.

Not meaning to shock any of you or to create mass hysteria but I'm now actually quite convinced that the nsa utah facility is actually a giant "put trackable wifi into tea leaves" operation! Those bastards must have somehow found out that them thin "lines" in tea leaves lend themselves perfectly to inserting nano antennas.

As for the xmas card: I'm shaken to the core, mistrusting, and on high alert: Tell me - How the hell did you "coincidentially" chose 0xF8F35B9C?? I swear that I have the exact same 32 bits in my system!

Oh well, I could have known it, I have no excuses. You tricky bastard found a way to disguise a bit exploit and to insert it into your texts - and now you are showing me grinningly and bluntly that you know my eavesdropped bits. Damn.

But at least you gave me lots of "totally awesomely secure" golden stickers on the tree. I'm enchanted and I'll stick one of them right onto my 19$ high security/WPA/password-free telnet plastic router box. That'll teach the evil guys a lesson, hehe.

Thanks but I don't need that. I have downloaded a secure password vault app from some guys in China. It cost me 99$ but hey, quality isn't cheap. In fact, along with that app I also got access to their secure website remote password safe so in case my cool Android device on which I do all my work burns down, I can simply download all my passwords.
Plus: There is nothing to steal on my android device anyway. I'm not stupid! *Of course* I only use remote storage, remote office, and remote interpreters!

@all

I don't need no stinkin new PK or whatever alcorithms! I have plenty of tea and I have DES13 (DES followed by rotl13, done in secure perl on jvm).

Perfect forward security is a scam. Nobody knows the future! I prefer perfect backward security. With a solid golden sticker of course.

What do you mean if I remember? You think I lived that long? You must have me confused for @Clive Robinson! He was wearing the greens in that war ;) Besides, who needs to remember anything with Wikipedia and search engines at the tips of our fingers? Yes, I remember...

Expensive teas are considered "gold"

Saffron is more expensive than gold, sometimes I put that in my tea too!

@ab praeceptis,

I have DES13 (DES followed by rotl13, done in secure perl on jvm).

That's some powerful crapography your using, mate! No one will be able to decrap it (they won't be able to read sh*t.)

The TLAs wanted to have strong encryption but also be able to crack it. So why not use the hype of longer key lengths and create QuadrupleDES (4DES). Just add one more layer to 3DES and you have a magically secure cipher for say another 50 years :D .

The NSA et. al. should be able to easily crack 64-bit block ciphers with their super duper computers so 4DES would provide the snakeoil strength of longer keys (56 * 4 = 224-bit 4DES) and keep out normal hackers (guess not).

I should have added a bottle of snakeoil and a coiling serpent climbing the Yule tree in my Xmas card but I guess that would be next year's 2017 card if I decided to do another.

The NSA et. al. should be able to easily crack 64-bit block ciphers with their super duper computers

In that case, Taihulight should have us worried then! No "Intel Inside™" on that one either! Restrictions are a double edged sword! Super duper computers live behind the bamboo curtain these days -- across the yellow puddle ;)

How the hell did you get at that? You eavesdropped that integer from me! I have exactly the same integer on my machine. I confess that I was careless and kept that integer around unencrypted, but still: How did you do that?

That would be true only if I categorically negated the existence of protocols. I only imposed a severe limitation on their capabilities! Can your CD-ROM example participate in any arbitrary mutual challenge-response protocol at the media level? Data Diodes do impose limitations, and perhaps as designed too. Still, one needs to be careful!

The US Congress and Govt's use case was to only prevent those pesky script kiddies... oh I forget about the fact that these script kiddies could link a bunch of RPi boards and Amazon S3 instances to run and crack 64-bit block ciphers ... hmmm ... at least it prevents the pesky non-geeky siblings until those script kiddies open up their cracking services as a cheap SaaS service.

Amateur. I always use phpjsflashsilverlight with OpenSSL (preferably the stable 0.9.8 release) for encryption. That in combination with adobe/yahoo on the winxp-SP0 platform. The only problem is that this platform doesn't allow me to plug in my shiny new 2500 Euro web TV with built-in camera. Driver problems ;-)

Why use this key when there is a robust industry standard available and already implemented on most devices (TCG)?

Ease of adoption is one of the things that comes to mind, especially in corporate contexts. Once set up, they're pretty straightforward to use. Which is not to say that these would be impervious to malware attacks or that we should just trust products from a Swedish company that are manufactured both in Sweden and the US. Personally, I'd feel much better about them if Yubico were Swiss or even German. But I'm taking my chances for now.

Given that the average user in practice is unable or unwilling to adopt complex password management strategies - and that even those are increasingly within reach of resourceful attackers - smart cards, U2F and the like are a manageable and reasonably secure way forward for both SMB's and private individuals, especially when compared to biometrics such as fingerprint readers or face recognition technologies (Intel TrueKey et al).

Over the years, I've had many bikes stolen until I adapted a simple and affordable three-lock strategy. With the right tools, it takes a skilled thief about 15 minutes to break all three of them, but in practice they will just move on to the next bike that only has one standard issue lock. Mileage, of course, does vary if it's a really fancy and expensive bike parked in a dodgy neighbourhood, and which will require additional, more complex and more expensive security measures.

I have downloaded a secure password vault app from some guys in China. It cost me 99$ but hey, quality isn't cheap.

There are several decent password managers out there. For those with budget restrictions there is also the cross-platform Keepass 2.x. With some additional Keepass plugins and browser add-ons, you get roughly the same features and security as those of commercial apps like 1Password, but without the cloud stuff. You can optionally sync your password database between devices over a cloud provider of your choice, but preferably within a Boxcryptor or other encrypted container. And which I prefer over using the built-in FF sync mechanism.

As @Thoth already said, the Librem laptops (for Linux-based stuff) or the Intel NUC NUC5i3RYK (for OpenBSD) make for good hardware picks, but they are expensive and in the case of Librem almost constantly in short supply, which may be indicative of financing or supply chain issues as also seen with Silent Circle's Blackphone.

xBSD is still not for the faint-hearted. For OpenBSD, you really need the right hardware or you end up in driver support hell, and unless you *really* know what you're doing, you will most likely blow up your system on every upgrade. A while ago, I again lost an entire day figuring out what went wrong upgrading a PC-BSD 10.3 VM to TrueOS 12.

Thoth mentioned: "It seems the best option for now in my opinion would be these mini PCs in the stated specification and model to run an OpenBSD instance," and, "You might also want to purchase the Librem 13 or 15 laptops (I would recommend Librem 13) as a main stay laptop."

Dirk mentioned: TAILS is currently my preferred portable solution and Qubes(with Xen and Whonix) my choice for the desktop.

I was not aware of Librem. Very good to see interest in this product. Expensive given the hardware specs, indeed. But possibly worth the money if it achieves the purpose (greater security/privacy against passive data collecting while remaining portable, practical).

Clive, you speak with the voice of experience. Thank you for your contribution--you've offered a whole other angle.

Correct me if I'm wrong, but it would seem Thoth's advice leans more toward the practical, emphasizing usability in tandem with security and privacy. Dirk's shopping list leads more toward security and privacy (ala TAILS, and, Qubes for dessert: a layer cake with VM icing), but not quite as practical for everyday computing.

Clive mentioned: "Thus your first thoughts should be on how to build an issolated system and keep it issolated indefinitely"

And therein lies the other angle mentioned above: emphasizing extraordinary security, but trading off practicality and mobility.

There is much to think about here. Maybe a genetic algorithm could help optimize the right point between security, privacy, practicality (variety of apps, hardware compatibility, ease of use), portability, and threat model.

Or perhaps a combination of solutions? Librem 13 laptop for daily use, and an "energy-gapped" Windows XP or Linux box running on a single core Pentium to use for personal Certificate Authority and PGP decryption (can't decrypt from remote location, though). And how to exchange data? That needs to be a one-way gate for certain. Come to think of it, if you are really serious then that 'energy-gapped' box would also need to be removed from the power grid given the capability of a $75.00 "Powerline" Ethernet adapter. Sticky business.

If I stand back from this discussion for a moment, I realize how ridiculous it is that we have to have this conversation to maintain reasonable security and sound privacy as a mere citizen, and not just in the role of 'spook'.

Looks like I have a lot more reading to do-- provocative suggestions, everyone. Many thanks. I'll participate more often as time allows.

The main drawback with Librem is that it uses newer processors. The newer ones have the Intel backdoors strongly built-in where it might be impossible to fully disable them. The older ones in Core Duo etc line were easier to work with. That's why they're used in the only Free as in Speech laptop left: T400. There's also the cheaper T200 on that site.

I recommend that if you absolutely need modern Intel with as little of their schemes as possible. Another possibility for desktops and servers is using Pentium 4 Xeon's in SMP configuration. It will use more power, cost money, etc. IIRC, though, there are high-performance chips without AMT and so on in that line. Drawback is you loose the IOMMU. Decisions, decisions...

Note: People not needing Intel & doing air gapped system can use things like PowerPC, SPARC, etc that are still supported by Linux/BSD. Also good for portability testing as a side benefit.

After the PHY-layer has established a link, the link layer is responsible for transmission and reception of Frame Information Structures (FISs) over the SATA link. FISs are packets containing control information or payload data. Each packet contains a header (identifying its type), and payload whose contents are dependent on the type. The link layer also manages flow control over the link.

Ask yourself "Why do I need 'control signals'" and when you understand that properly you will understand why you do not actually need them.

Okay, I asked myself the question. The answer myself gave me is the following: in order for nodes to understand what to do with data. In order to decide whether a header and its payload represent data or commands. In order for several devices to synchronize and share a multiplexed bus, handle hot plugging, in order to understand which direction data flows from (source and sink.) etc...

As a hint consdier the case of data stored on immutable storage such as a CDROM and how it can not have control signals.

Data stored on a CD-ROM doesn't communicate directly with the host device! It goes through an interface controller and logic such as a SATA controller, right?

Now the data on the CD-ROM is what you are trying to protect through a unidirectional data Diode that only allows data to flow from the CD-ROM. The Diode blocks data going to the CD-ROM. Now where does the data Diode sit? Between the SATA controller and the optical media, or between the controller and the host device? And how does the placement of the Diode affect protocol (at whatever layer) capabilities and limitations?

Ease of adoption is one of the things that comes to mind, especially in corporate contexts.

It's actually easier and more manageable to use built-in capabilities of the computing device (TPM.) Now Apple Macintosh computers don't heve a TPM (they used to have it for a brief period, but that's another story.) For enterprises that use Macintoshs heavily, this may be one option. Still, not a full solution. The concept of a dongle or something you have is hardly new...

It's actually easier and more manageable to use built-in capabilities of the computing device (TPM.)

No argument there, but I kinda like the concept of a small external device, preferably with auto-destruct capabilities, and that you can easily hide, destroy or otherwise dispose of yourself if ever the need arises. As compared to a fixed blackbox chip at the heart of your computing/telecommunication device. An easily removable TPM, kinda like a phone's SIM card, that I would find interesting.

@ 13th Arrondissement Glamour Fanciers

What kind of locks? Would your setup endure a thief with a bolt cutter?

Three different types none of which would last 5 minutes against a bolt cutter, but which fortunately is not (yet) a tool the average bike thief over here carries around with him, knowing only too well that getting caught with one is a direct ticket to the nearest police station and a search warrant for his home. Personally, I would very much support any legislative initiative to reintroduce tarring and feathering for convicted bike thieves.

And therein lies the other angle mentioned above: emphasizing extraordinary security, but trading off practicality and mobility.

Not quite, things can still be practical and mobile, think a pad of paper and a pencil in your pocket, to do the securing of the "confidentiality" and "integrity" of the information. Then if anonymity is not an issue, any computer old or new can be used just as a communications device, not realy any different than phoning a person up and reading the cipher text letter by letter down the line, or as in WWII transmitting a cipher text message one letter at a time in morse code.

The confidentiality and integrity of the message is thus dependent on the strength or security of the cipher system in use.

In a stroke you remove one of the most significant security issues we have these days which is the potential for "end run attacks at the combined comnunications and security end point" we call our computers / tablets / smart phones / etc. Thus by keeping the security end point beyond the communications end point, you make an attackers job vastly more difficult.

Importantly making an attackers job more difficult is the name of the game, compartmentalization and issolation are the two basic rules by which you play.

As I've noted before it is a fundemental mistake to do your ciphering / coding in an "online environment". Because as the old saying of "even walls have ears" in this day and age can mean your TV, light socket, fridge or any other electrical appliance can have ears or eyes to take your activities and communicate them to others, including the scratch of your pencil up and down strokes on the paper...

I know this sounds surreal to the point of Orwellian nightmares, but unfortunately people have "Demo'd the ideas in practice" already. And as our host has bern known to note yesterday's PhD idea is todays High / state level attackers tool and tommorows script kiddy attack. A little research on BadBIOS shows that within months one researchers nightmare became a practical demonstration and very shortly there after became a tool for those collecting marketing data, true it was months not days but it was not many of them...

However the real problem with privacy is an age old issue that is yet to be effectively solved. It's to do with Keying Material (KeyMat) and it's managment (KeyMan). That is to securely communicate via cipher or code, you must have securely communicated the Key Material. Which is a catch 22 type problem, which we thought could be solved by various mathmatical tricks to do with one way functions with secret trapdoors through to short cuts / circuits. Let's just say that the history of such algorithms, have been subject to strengthening. So not just two primes, but two primes meeting more and more stringent requirments for their selection, and it's only an assumption --but a good one so far-- that there actually are one way functions that can have secret short cuts, that can not be turned into general short cuts.

Which is why the likes of the state level entities use systems developed by their Signals Intelligence Agencies and still ship KeyMat by courier and diplomatic pouch, with all the problems that entails. Something they would not be likely to carry on doing if they trusted the mathmaticians assumptions.

Many software applications do not take the issue of KeyMat security seriously, as it is not just complicated and messy but has significant problems (lack of trustable true randomness being but one very serious issue). They do not address the protection of KeyMat as you will often see mentioned on this blog ( @Thoth will give you a run down on this as it's an area he has taken interest in ).

But at the end of the day the old "A chain is only as strong as it's weakest link" most definatly applies. Often that link is that six pounds of pink and grey fat between peoples ears. It's only designed to deal with "flight or fight, with an immediate danger" and that is a significant problem, because as Project VENONA showed the SigInt Agencies are if nothing else patient, not only do they record everything they can, they endlessly search for ways to break into secure communications.

Thus you have to have balls of crystal not steel as you need to look into their future as they will look into your past in future times (it's why I keep saying they are building an informational time machine or archive). Thus it's not yesterdays or even next months PhD you have to think about but any that may happen in your lifetime.

To even have a chance to do this you have to make your attack surface as small as you possibly can and further mitigate it against as many attack scenarios as you can think of. Hence I advise people to go with the "tried and tested fieldcraft" thus to "compartmentalize" and "issolate" as much as possible, and whereever possible avoid any process that is not fully transparent to you.

Thus by all means use technology for communications but make darn sure your security and communications end points are issolated and compartmentalized as much as you can.

Which to many does appear to trade convenience for OpSec, but as you can not tell how conservative or liberal the future may be, nor who is in charge or why, or what future crimes you may have already committed[1] I would urge the extra effort of OpSec over convenience for just about everything.

But of course there is the other future crime that already exists in the UK and has done since the turn of the century. At some future point you could be given a piece of paper demanding the KeyMat for a message you might have once sent or received. Not supplying the key gets you several years in jail via what is to all intents and purposes a secret court... Various other Western Nations have or are in the process of making similar legislation "for your own protection"... So maybe you need to have a further series of thoughts over OpSec for "anonymous" not just "secure/secret" communications... Which brings us back to old fashioned field craft.

[1] There was a news item today about a catering person in Turkey being found guilty of insulting the man in charge for saying to someone else he would not make a cup of tea for them. Thus they are facing four years of extream hard labour etc that there is a very real danger they will not survive...

The other half... I think we have a miscommunication about the word "control signals" ;)

Not of necessity, remember as with the missnamed "feedback" there are two types of control signals, those that feed forward and those that feed back.

Feed forward signals can go through the data diode without any problem as they rarely have anything other than obvious metadata purposes about the data that is to be sent. Whilst there is a potential for covert channels there is usually a way that this can be reduced or eliminated such as buffering and re-clocking for time based covert channels.

The problem with feed back control signals is that they can be used for covert channels that can reach all the way back transparently to the very heart of a security nexus. Thus the desire to eliminate them. The problem is that outside of simple acknowledgment they are mainly for "errors and exceptions".

The "errors and exceptions" can be reduced or removed by such things as coding and Forward Error Correction (FEC). Which is how the daya on a CDROM is mainly protected.

Thus you now need to think of cases where you think feed back control signals may still be needed and how you can reduce or eliminate them...

"Not quite, things can still be practical and mobile, think a pad of paper and a pencil in your pocket"

One of my X'mas 2016 present I received is a mini pen that could be folded and hidden snuggly within a wallet and to top that up, all I need to do is get a box cutter and make some small paper slips from A4 printing paper. That's my paper keymat distribution tools all within my wallet.

"Which is why the likes of the state level entities use systems developed by their Signals Intelligence Agencies and still ship KeyMat by courier and diplomatic pouch, with all the problems that entails. Something they would not be likely to carry on doing if they trusted the mathmaticians assumptions.

Many software applications do not take the issue of KeyMat security seriously, as it is not just complicated and messy but has significant problems (lack of trustable true randomness being but one very serious issue). They do not address the protection of KeyMat as you will often see mentioned on this blog "

KeyMats are still shipped with multiple split keys and couriers. Think of how a traditional HSM or diplomatic Encryptor is typically loaded by a quorum based approach over split secrets usually stored in portable smart cards and if requiring equipment to be rugged, Fill Guns come in many forms to do so. Secure PIN and secret value entry devices with tamper resistant properties to either manually key in the hexadecimal values of each split KeyMat (tried that before and was really a pain in the bottoms) is still being done today and are also used in HSMs and Encryptors for applications ranging from payment to protection of Governmental secrets.

Manual paper and pen work are still in fashion as I have mentioned that certain HSM/Encryptors may have a preference for certain use cases to have split keys manually entered in it's hexadecimal values to prevent polluting of different environments.

"Which brings us back to old fashioned field craft."

Old fashioned stuff that have endured for a long time are the best stuff.

It really depends on the security level you need and your use case although most people usually underestimate their situation and the security levels they require to protect themselves.

Wael
--Not my design, and yeah it's only data since that's what I care about transferring. As far as protocols go, I've thought about modifying a simple xmodem implementation to get rid of the ack checks. So far as I got what I mostly want, that may not happen, but this should definitely be more user friendly (ultimate would be a "drag-n-drop" GUI where I can just dump a folder or directory and it will appear on the other side). I don't see any reason why that won't work.

What reverse direction control rails you talking about? All the other standard end-run attacks would get past it (or if there was an audio, wifi, or visual channel b/w transfer PC's). There are additional simple countermeasures of course, to deal w/ those if need be (key words, if need be).

Thoth
--Ok lol, could've at least put a fake key or something :p Season's greetings, thanks for the card, but would prefer a finished groggybox. :p

Clive Robinson
--Yeah not sure what Wael's talking about but I don't think there will be much problems w/ errors unless you've got a serious RF noise problem in your area.

“…as our host has bern known to note yesterday's PhD idea is todays High / state level attackers tool and tommorows script kiddy attack. A little research on BadBIOS shows that within months one researchers nightmare became a practical demonstration and very shortly there after became a tool for those collecting marketing data, true it was months not days…”-Clive

I agree and the situation is getting worse.

In fact, as the speed at which chips become more powerful and smaller so does the ability to make small spy devices with significant spying capabilities and affordable to script kiddies, jealous spouses, Gum Shoes/Private Investigators, Sheriff Joe Blow, and pranksters.

In just one internet search - here are some low cost spy items:

[Spytecinc – I cannot vouch for the viability of their items and I have no affiliation with this spy device maker]

Sure, there are legitimate business uses for the above products. But, there are a lot of questionable uses for these products.

Next I found some older methods of surveillance counter measures:

[Wikipedia]

"Technology most commonly used for a bug sweep includes but is not limited to:
•Multimeters for general measurements of power supplies and device components.
•Broadband receivers to detect radiating hostile radio frequency transmissions in the near field.
•Time-domain reflectometer (TDR) for testing the integrity of copper telephone lines and other communication cables.
•Frequency scanner with a range of antennas and filters for checking the electromagnetic spectrum for signals that should not be there.
•Oscilloscope for visualisation of signals.
•Spectrum analyzer and vector signal analyzer for more advanced analysis of threatening and non threatening RF signals.
•Nonlinear junction detector (NLJD) to detect of components associated with hidden eavesdropping devices.
•Portable x-ray machine for checking the inside of objects and walls.
•Tools for manual disassembling of objects and walls in order to visually check their content. This is the most important, most laborious, least glamorous and hence most neglected part of a check.
•Thermal imagers to help find hot spots and areas higher in temperature than the ambient area temperature. Finds heat generated from active electronic components.
•Flashlight one of the most important tools to have beside a ladder for providing a competent sweep.
•Videoscopes to inspect small or inaccessible spaces, such as wall spaces, HVAC components, vehicle crevices, etc.
•Lens detectors to detect the lenses of wired or wireless concelaed covert cameras."-Wikipedia

I don't know if the above will cover cell phone mirroring and dumping tools or GPS trackers. What do you say?

[Next radio “spy devices”]

"Radio frequencies"

"Most bugs transmit information, whether data, video, or voice, through the air by using radio waves. The standard counter-measure for bugs of this nature is to search for such an attack with a radio frequency (RF) receiver. Lab and even field-quality receivers are very expensive and a good, working knowledge of RF theory is needed to operate the equipment effectively. Counter-measures like burst transmission and spread spectrum make detection more difficult.-Wikipedia
Devices that do not emit radio waves... Instead of transmitting conversations, bugs may record them. Bugs that do not emit radio waves are very difficult to detect, though there are a number of options for detecting such bugs. Very sensitive equipment could be used to look for magnetic fields, or for the characteristic electrical noise emitted by the computerized technology in digital tape recorders; however, if the place being monitored has many computers, photocopiers, or other pieces of electrical equipment installed, it may become very difficult. Items such as audio recorders can be very difficult to detect using electronic equipment. Most of these items will be discovered through a physical search.”-wikipedia

Other than getting tails on a live CD/DVD, a Silent Circle Blackphone, hiring expensive couriers, one-time-pads, data diodes, disassembling digital equipment, workplaces, autos, homes, “sweeping for bugs” and military style OPSEC, how do we realistically perform surveillance counter-measures?

Are there any consumer surveillance counter measure devices on the market? Can surveillance counter measure devices be constructed by the average Joe/Jill? If they can to what extent will they work? Any spy device finder would be of help. What do you say? This is a real question.

My search took less than on second. I clicked the first company in the search list. This was to demonstrate how prevalent and low cost spy devices are.

Further, there seems to be no defense… unless an group of savvy citizen turned the tables on the TLAs and spied upon all of their devices and made a list of said spies and who they are attacking.

Other than that, the spy device industry is growing rapidly and will probably cause huge adverse effects to privacy advocates and their lawyers.

I really don’t see any barrier to the average script kiddy employing these devices for fun and gains. The Monster spy industry is out of the bottle and will be difficult to put back in – or defend against.

Which is why the likes of the state level entities use systems
developed by their Signals Intelligence Agencies and still ship KeyMat
by courier and diplomatic pouch, with all the problems that entails.
Something they would not be likely to carry on doing if they trusted
the mathmaticians assumptions.

This strikes me as a significant observation.

A staunch Popperian, I am curious. Does anyone dispute it? Name me the
protocol that institutional spooks use instead of physical couriers.

You made (not surprisingly) some quite smart remarks and in a way provided a hands down primer; I wish, many would read that and think properly about it.

Some remarks.

- Our problem isn't a lack of *perfect* security, in particular OpSec. our problem is that 99% of the people are at the extremely poor end. Concrete: Sure, typing and then ancrypting ones confidential text and numbers on a notebook without network connection to then, say, rs-232 transmit the encrypted data to a networked PC to transmit it, would certainly not be good enough for a state agency. It would, however, be dimensionally better for Joe and Jane than what they do now.
What I mean is that our problem isn't that Joe and Jane don't use optocouplers (with proper electronics, EM being taken care of, yada, yada, yada) - our problem is that Joe and Jane work on their condidential information on an ipad an then send that out, say, over their smartphone - both being used also for general browsing, porn watching, online shopping, etc. and both being weakened even more by snakeoil "security" products (possibly even illegal copies).

- keymat/keyman - I happen to know a rather high ranking us-american diplomat who is beefing up (I assume) his pension by occasionally working as a courier for his government. Of course I (and probably he) don't know what's in the envelopes (actually special briefcases) but I guess keymats might be one typical sort of content.

I think the question of some if put wrong. It's not either or; it's both, I strongly assume. Actually I myself have used some mechanism like that for a client. There were "couriers" involved (innocent normal drivers who visited the satellites anyway, mostly carrying office documents, technical plans, etc. around), who got yet another envelope for keymat/keyman purposes. The pivot was to once distribute in a properly secured manner (multiple couriers, security men and even a lawyer not knowing each other and watching each other) a piece of paper with a seed for a crypto PRNG. From then on confidential encrypted material as well as new keys from time to time would be distributed plus yet another element was given over the phone.

The idea was that no keyman element failing would bring down the whole thing nor would it considerably weaken, let alone, spill the guts of the mechanism. I remember some people looking strangely at me when I suggested to transmit certain critical elements on paper but to you I will certainly not need to explain. It's amazing though, how much blind trust people have in electronic storage, no matter whether floppies or usb sticks. There seems to be a "but it's *ours*, it's new, never used before and/or freshly formatted" virus out there.

- RSA - one nice attribute (well, from my perspective) of ECC is that it's inherently (modestly) more complex. RSA relies too much on properly selected primes (which is weird anyway as in the vast majority of cases *probable* primes are used).
I do rely on math happily, however. In my minds eye and experience it's the one realiable pillar in a strange ever changing highly dynamic world with a *huge* human factor.

Are there any consumer surveillance counter measure devices on the market?

Yes there are. But they tend to be quite expensive. Look for TSCM, i.e. Technical Surveillance Counter Measures, and you'll find quite some OTS equipment out there. Then fork out some additional dinero to turn your man cave into a Faraday cage on top of investing in anti-TEMPEST/Van Eck Phreaking equipment such as that sold by the likes of Emcon.

That is of course assuming you have also already applied most, if not all of @Clive's advice regarding strict isolation and energy gapping in addition to meticulous network segregation and highly paranoid NIDS and egress filtering set-ups.

To cut a long story short: all electronic operations, communications and storage are inherently insecure. The easiest and cheapest way to work around that is by reverting to old-school pencil and paper, OTP, KeyMat and dead drops. For which there are plenty of good guides.

Which is not to say that you can't successfully mitigate against electronic tracking and surveillance, but depending on whom you're up against, it rapidly becomes a very expensive, time-consuming and cumbersome undertaking requiring quite the specialised knowledge, experience and other skill sets that are just beyond the average individual or company.

More golden stickers (literally) for the happy holidays while I was looking at the latest Chinese made "secure" smartphone hype claiming to have embedded crypto chip (I highly doubt so and guess it's another ARM TZ stuff again).

Ironically, it features a Golden Shield icon on it's phone's pseudo wallpaper. Oh ... did Golden Shield remind you of the Chinese censorship system also called the Golden Shield Project ?

Bottomline, any phone with modern ARM Cortex A series will naturally support the ARM TZ profile and then use it as marketing hype for it's so-called hardware security that's more of a security theater or a security trap.

That's good to know. Or is it? If Sony cannot be secured, how can anyone?

Meanwhile,

“Ministry of Truth” Plus $611 Billion for the Military in 2017: Obama Quietly Signs the “Countering Disinformation and Propaganda Act” into Law

"...the legislation seeks to leverage expertise from outside government to create more adaptive and responsive U.S. strategy options. The legislation establishes a fund to help train local journalists and provide grants and contracts to NGOs, civil society organizations, think tanks, private sector companies, media organizations, and other experts outside the U.S. government with experience in identifying and analyzing the latest trends in foreign government disinformation techniques."

But, I can't quite figure it it out. It sounds like a vast militarized worldwide censorship, fake news, counter fake news and propaganda machine has been created/made legal, ala' "The Ministry of Truth".

Seemingly professional journalists will go on .gov payroll to write and edit propaganda for the US government.

It's a good thing this was announced during the holiday so people would be too busy celebrating to read about it. Otherwise, a few folks might have been upset. Not me of course.

"He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished.

Thank you so much for those impressive stickers! I'm right now copying some of them to print them out and to put them on my android system to make it "110%-trust-secure" (tm).
That plus my DES13 plus RSA-32 "golden-shield-crypto-secure" (tm) alcorithms will make my android 4.3 an "impenetrable fortress" (tm).

A business idea just in case you are interested and have the free time to do so. Get a reel or a batch of NFC stickers with Type 2 variant and print your own golden stickers.

Since the NFC golden stickers are using so-called Type 2 tags, there is a read-only mode where you write information once and it locks in place. You can put public keys inside the NFC tag or some URLs that have more golden stickers.

You can effectively paste them on your phone, distribute them like "name cards" of sorts or even sell them since it has those fancy golden seals and weird data you burnt into the cheap stickers.

Maybe if I have the time, I might try to purchase a small batch and try to get a normal laser inkjet printer to print some nice designs and give them away (that's with an IF clause).

@all:
social media and personality correlation (not causation yet) established:https://www.sciencedaily.com/releases/2016/12/161220175543.htm
The analysis, published online and scheduled for the April print issue of the journal Computers in Human Behavior, showed that people who report using seven to 11 social media platforms had more than three times the risk of depression and anxiety than their peers who use zero to two platforms, even after adjusting for the total time spent on social media overall.
"This association is strong enough that clinicians could consider asking their patients with depression and anxiety about multiple platform use and counseling them that this use may be related to their symptoms," said lead author and physician Brian A. Primack, M.D., Ph.D., director of CRMTH and assistant vice chancellor for health and society in Pitt's Schools of the Health Sciences. "While we can't tell from this study whether depressed and anxious people seek out multiple platforms or whether something about using multiple platforms can lead to depression and anxiety, in either case the results are potentially valuable."

I guess with the limits the laws of physics give us with regards the conduction, radiation of energy over time and how much energy per bit of information is required to transfer the information a given disyance with an acceptable "Bit Error Rate" (BER).

The fundemental two laws state that neither energy nor mass can be created but are interchangable (the equivalence is given in Einstein's equation E=MC^2). And that energy and matter move from an organised to disorganised state by a process called "entropy". The latter gives us two results, like heat (which it is in effect) energy moves from hot to cold and ultimately ends up as "Background thermal noise" which people often call --incorrectly-- "White Noise" at a level called the "Noise Floor".

Thus no matter how powerful a signal source it will disipate with distance and reduce down to the level of the noise floor becoming steadily more dificult to receive with any accuracy. Because the noise floor is "random in nature" and "only has an average level" it can go up as well as down. Thus any signal starts to be effected by the noise and at some point the random peaks in the noise will render the signal sufficiently ambiguous that a bit of data might be incorectly estimated as a zero when it should be a one or as a one when it should be a zero. Which is where the BER comes from and indicates at what point you can expect a certain average number of random errors. Whilst I can give the formulas or you can look them up, they require a lot of other knowledge to make detailed sense of, but the overall picture is easy to see on an old analogue TV or hear on a simple receiver when they are not tuned into a sufficiently strong signal (it used to be possible to see the "cosmic microwave background" which is a signal still around from moments after the "Big Bang" around 14Billon years ago).

Thus the question of how far a signal will go before it starts comparing in size to the noise floor becomes of interest, and it is one of the fundemental things "TEMPEST technicians" get taught. And the answer is not simple for a couple of reasons. The first is there are two transportation methods, conduction and radiation and the second is they both apply in various ways at the same time depending on the nature of the medium of transportation... But very roughly in the case of sound energy we can get a feel for this in a quiet railway station. The rails act as a conduction medium that also radiates. As a train creates vibration via it's wheels the sound is conducted away from the source down the length of the rail which then radiates a small fraction of the conducted signal into the air around the rail. Thus being very close to the rail the train can be heared a very considerable distance away. The train also radiates it's noise signal into the air and this disipates with the square of the distance. Thus what you hear is the sum of the two radiated signals. Thus you usually hear the rails "twitch or sing" long before the train can be heard or even seen, but at some point the signal radiated by the train can be heard above the signal radiated from the rails. The same applies to all forms of energy that get transmitted by conduction or radiation.

The next thing to note is that anything that conducts and radiates energy is also susceptible to any energy that crosses it. That is energy from the wave front gets coupled into the conductor that then has to go some where, either conducted or radiated from the conductor. This is part of the problem with cables inside equipment that although not part of the confidential compartment circuit, can pick up information from the confidential circuit and conduct it away to be radiated outside of the equipment, sometimes at considerable distances. It can also modulate any signals in that conductor that then may well get amplified as part of an intentional communications system. This issue arises quite often on ships, and a few years ago there was a bit of a curffufal over US coastguard vessels not having sufficient TEMPEST mitigation.

There are however other issues, for instance a transducer converts one type of energy to another sometimes very efficiently. One such is the magnetron microwave valve that converts DC power into Microwave energy, however the magnetron frequency is very susceptible to very small changes in the anode supply voltage, thus any noise on that line gets to frequency modulate the magnetron output. Another bidirectional transducer is the moving coil speaker that works just as well as a microphone, and can with the correct two to four wire hybrid circuit act as both simultaneously (a security issue that has recently been brought back up again but goes back to at least the early cold war days and earlier with some telephone ear pieces). Other transducers such as motors/generators and transformers tend to get forgotten about by those not sufficiently clued up about transducers.

Of further interest is the power transfer theorem also called the maximum power transfer theorem, which simply put is about matching the impedance of a generator to a transmission and then to a load. In theory if all are correctly matched then all the power gets delivered to the load and thus radiation from the generator and transmission line is minimized (it's actually way more complicated than that but it's a first step). Mismatched lines radiate in various ways and thus they can "illuminate" other systems and either carry or get cross modulated with information. It's partly on this idea that the Great Seal Bug / Thing worked. Likewise mechanical modifications to typewriters (both of which the CCCP did to the US Ambassadorial Mission.

Whilst all these are well within and explainable by the laws of physics, few engineers or scientists tend to think in these ways.

The advent of very low power microcircuits have allowed not just battery less operation (like RFIDs NFC etc) it has further extended the cat and mouse game between red and blue teams into the time domain. That is devices can now "store and forward". Without going into details a bug can be powered by more than one illumination source or the source can be modulated to send data to the bug (see the way RFIDs etc work). Thus the bug can be in a low power mode where they simply record, compress and store digitally audio or other information in a confidential zone. Then be switched to a higher power mode to "burst mode" transmit the data to a data collection point that can then in turn forward the data over say Mobile Broadband.

For obvious reasons bugs that do not radiate signals are not that easy to find by conventional means...

There is as part of entropy a requirement that not only do you not get "something for nothing" you will always have to lose energy in going from the disorganised to organised state. So no 100% efficiency or "perpetual motion machines". Also the energy used to do work can not be destroyed to it has to go somewhere, eventually as the ultimate form of pollution "heat". That is an active device will always be at a slightly warmer temperature than it's environment. So in theory could be found by a sufficiently sensitive thermal imaging device. However the few millionth parts of a watt that modern circuits can operate on is generally insufficient to pick up beyond a very short distance. That's not to say that thermal imaging is a wash out for bug detecting, on the contrary it can work quite well. Put simply you get the environment to a steady state temperature, then rapidly change it. As different materials have different thermal characteristics a bug can quickly develop several degrees difference in it's temperature to it's surrounding environment. A series of images taken at regular intervals until the environment reaches a new thermal equilibrium will when enhanced with appropriate software techniques show all areas where there are differences in thermal characteristics. This includes the likes of "pin hole acoustic wave guides" that lead to microphones etc mounted on the other side of walls.

But this is not the only technique that can be used, transmission systems to transducers have characteristic impedences that are frequency selective. Thus if illuminated of frequency reflected energy will come back at the illumination source. Similarly a focused system, which is why you get the "red eye effect" in photos taken with cameras with built in flash units. This technique works with nearly all transducers and their feed in transmission lines.

Thus you have the likes of "time domain reflectometery". Where a very fast rising edge contains energy in nearly all frequencies. Thus any mismatch will cause energy to "bounce back" with the time delay giving a range and phasing information a direction. Thus an environment can be mapped to produce a 3D image of otherwise invisible transmission lines / transducers.

A few years ago although the sensing head systems were available, computing power for DSP type activities was not sufficient for the task.

And it's the increase in computing power that is making not just bugging but bug detecting technology viable, and we are entering the stage of the game that ECM systems did for missiles etc. in the 80s and 90s.

“We live in a world of radical ignorance, and the marvel is that any kind of truth cuts through the noise,” says Proctor. Even though knowledge is ‘accessible’, it does not mean it is accessed, he warns.
“Although for most things this is trivial – like, for example, the boiling point of mercury – but for bigger questions of political and philosophical import, the knowledge people have often comes from faith or tradition, or propaganda, more than anywhere else.”
Proctor found that ignorance spreads when firstly, many people do not understand a concept or fact and secondly, when special interest groups – like a commercial firm or a political group – then work hard to create confusion about an issue.
Another academic studying ignorance is David Dunning, from Cornell University. Dunning warns that the internet is helping propagate ignorance – it is a place where everyone has a chance to be their own expert, he says, which makes them prey for powerful interests wishing to deliberately spread ignorance.

My [DD] worry is not that we are losing the ability to make up our own minds, but that it’s becoming too easy to do so.

Not really. Sony (SPE) has already been hacked to Kingdom Come about a gazillion times by, well, pretty much everyone. From what I've been told it's nowadays even a membership prerequisite with any self-respecting group of script-kiddies wearing Guy Fawkes's masks.

Obama Quietly Signs the “Countering Disinformation and Propaganda Act” into Law

A much needed agency in a time where less and less people - especially in Europe - buy the overall US narrative on kinda everything and where even an authoritarian as Vladimir Putin suddenly comes across as a reasonable man when compared to the batshit insane, post-truth rantings of its president-elect and his merry cabinet of billionaires.

Wael
--You want a description of a hardware UART or the FT232 or the virtual com port or the windows api's or the optocoupler. From: https://realterm.sourceforge.io/"You can dump a file directly to the port. Files are sent raw , the exact bytes in the file are sent out. There is no "protocol" and just sends everything. (versions before 1.14 swallowed ^Z / 0x1A). Hex values, python/c style backslash sequences etc are NOT converted to anything, just sent literal."

So I still don't know how it's sent exactly, couldn't find source code yet, and haven't worked w/ USB chips that much. In the past I've enjoyed Realterm b/c it was the only terminal program I could send raw hex commands to a device to verify it worked as spec'd, I didn't know how Realterm did it though. At the optocoupler though, that's pretty simple and can be mostly understood after a few mins with the small datasheet.

I just wanted to see the security boundaries and what happens at each boundary crossing. Also wanted to see at which layer your Diode is operating. It would seem that it operates at the physical layer (Optocoupler) and the application layer (your source code.)

If your Optocoupler isn't bidirectional and is the only path to your data sink, you should be ok, given that you are aware of possible out of band paths. Above the physical layer, you don't have much control as you are relying on low level protocol implementations (either built in the OS or the development board: USB, UArt, etc..)

If your optocoupler is bidirectional, then you're not enforcing anything at the physical layer except for electrical isolation, and you'll need to look at the wire (or light) to see what passes through.

Wael
--Just connecting TX lines to RX lines, and +5V and GND across each side, works (can't send anything back) but not galvantically isolated (plugging in one side powers both sides) and there's a potential of say pins being remapped on the fly by a malware in the FTDI chip.

That possibility (unlikely as it may be) is taken care of mostly w/ optocoupler that advertises as being 1-way (could have a backdoor hardware, same thing in reverse but imagine that would be a lot harder to design than a 1-way, even though 2-way optocouplers are common on market I think). Anything going wrong here will be a big red flag of malware that failed. If the doc's are false and there's backdoor components in the IC then that's hugely negative for Avago, from an integrity and competence standpoint. These are likely used in things that need to do what they claim.

Building one from discrete components is next to reduce those odds, and making better applications on PC's we actually use to make it more smooth and comfortable to use (where it'll actually get used, doing this on Realterm is not there yet, not attractive). Where to go next, I'm not sure, different ways to skin a cat probably.

I mean buy one for and convince yourself and try to send something from TX to RX terminal, even w/o the optocoupler. I want this to force end run attacks (more work, less chance of working and more often used which means greater odds of getting caught out and exposed).

Dirk Praet • December 27, 2016 9:25 AM.
Yeah, Dirk. Joseph Goebbels ministry was very successful in brainwashing Germans. You may see documentary 'Forbidden Films' (as best of memory) which presented episodes of Movies (most of them currently available with English subtitles as whole)made under JG command. Some of them currently prohibited in Germany without introduction of professional critics on subject of those movies. The difference is that in his (JG) times SS and Gestapo officers in particular had to see those movies with their families mandatory, but now due to all social media platforms and spread of ignorance (please see related posts above) through current technologies, suggest- ability increased dramatically. Folks indoctrinate themselves using those sources without verification and cross-reference/check on information from at least two independent sources. Solution: think with own head, do not digest information without grinding it - just point of view.

Wael
--That's what the optocoupler is essentially (no phototransistor, high speed LED and photodiode), but ok let's see it if you can do better. You need an LED somewhere for either of those. Also how to connect to PC?

@ Dirk Praet
“Then fork out some additional dinero to turn your man/women cave into a Faraday cage on top of investing in anti-TEMPEST/Van Eck Phreaking equipment such as that sold by the likes of Emcon.” –Dirk Praet

[Emcon]

‘TEMPEST Level I Getac S400 G3 Laptop’

“Based on Getac’s popular third generation S400 laptop, and with the look and feel of a COTS model, this semi-rugged notebook with Emsec/TEMPEST security accreditations was developed specifically for public safety, field service, and military applications. With MIL-STD 810G certification for temperature, shock, and vibration and weighing less than 7lbs (configuration specific), the S400 is equally suited for demanding work environments out in the elements as well as for everyday office use.”-emcon

Interesting laptop. But, you are correct it is expensive. The cost alone would put it out of reach of most small and even medium size business [ROI, break even points and such]. Basically it is cost prohibitive for the average Jane/Joe

Btw, if this laptop has an i5 processor would not the Intel Management Engine [vPro] be a backdoor in and of itself? It would seem to leak iKVM resources to the outside world via internet interfaces.

All and all, an interesting site. Thanks.

@ Clive Robinson

“Mismatched lines radiate in various ways and thus they can "illuminate" other systems and either carry or get cross modulated with information. It's partly on this idea that the Great Seal Bug / Thing worked. Likewise mechanical modifications to typewriters (both of which the CCCP did to the US Ambassadorial Mission.” –Clive

Yes, I remember reading about the Great Seal Bug and how it worked. Is not the laser beam to vibrating glass the new method/preferred of spying [except recording all cell phone communication]?

“…an active device will always be at a slightly warmer temperature than it's environment. So in theory could be found by a sufficiently sensitive thermal imaging device. However the few millionth parts of a watt that modern circuits can operate on is generally insufficient to pick up beyond a very short distance. That's not to say that thermal imaging is a wash out for bug detecting, on the contrary it can work quite well.” –Clive

That is an interesting idea. Can a digital video camera be converted to show thermal images?

I have read of cases where the taliban were using cheap video cameras taped to barrel of their AK47s to detect laser illumination by enemy forces and it seemed to work fairly well. But, that was for military laser illumination which is probably fairly powerful.

If a cheap video camera could be modified to show thermal images it may be possible to use it as a bug finding device by people. But, that is a big “if” to say the least. Thanks.

Any of you have ideas of how to identify “bugs” or digital surveillance devices trained upon you or your family?

I hear the 2017 NDAA wants to arm Syrians (moderates)
with MANPADs. What could possibly go wrong with that
wonderful idea ?

Like the movement of spookery into script kiddyland
some things make you cringe at the thought. Portable
man packed anti aircraft rockets are far too effective
against civilian aircraft to make anyone comfortable
with the idea of passing them out to random nutjobs
in the middle east. I know there's a big thrill in
arming the world to enhance the bottom line of the
warmonger class but some of it is a really bad idea.

Optically, either through free space or via a light waveguide; a fiber optic cable. The receiver and transmitter power supplies need to be isolated. You'll have to deal with clocking and synchronization through your own encoding.

"Btw, if this laptop has an i5 processor would not the Intel Management Engine [vPro] be a backdoor in and of itself?"

There's security software available for the types of people who buy these to address that. Assuming they don't use it air gap style where it doesn't connect to public networks. That's most common for such people. Note that this isn't about the backdoor so much as the risk a foreign power hits it. The people in defense buying TEMPEST laptops aren't the ones that have to worry about NSA spying. So long as they keep being "good" boys and girls. ;)

They also get cool tech I can't have like this or especially this. Compare and contrast that to consumer enclosures claiming to do the same thing.

Interesting discussion. There are galvanic isolation optocouplers available. There are also optocouplers that have HV isolation. Circuit board design for HV isolation applications requires care:) Best bet for both HV and GI is fiber optic cable. IIRC, medium run, plastic fiber (uses visible light(red)) is good up to 1MHz. Cheap too. Of course it wouldn't be too difficult to design a board with an LED, photo-transistor, and an op-amp. Are you driving from RS232? It's also possible to drive the pins 'directly' from your own code. I'd use the control lines. If they're gonna break ya, might as well make 'em work for it:)

The silicon sensors in webcams and most other consumer cameras don't work well at wavelengths longer than about 1 micron. There is a new inexpensive FLIR sensor out for cell phones that works at 7 to 14 microns wavelength, where ambient temperature objects like humans and circuits radiate. It's low resolution and being an inexpensive, uncooled sensor, it's a bit noisy, but it will show up the temperature differences that Clive suggests.

@tyr

The substance of the Benghazi mission was rounding up weapons (apparently including MANPADS) from Libya for shipment to Syria. Someone posted links that looked credible.

@JG4,
Re: New Yorker article. I've often wondered what kind of computers ran the Minuteman silo system. Maybe I can get one of those IBM System 1s. The author, Eric Schlosser wrote “Command and Control...", a scary book I highly recommend for everyone interested in nuclear weapon security.
. .. . .. --- ....

I'm not sure what @Figureitout is trying to build aside from a working Data Diode to enforce one directional data transfer for security reasons. I think it's a good exercise. It's becoming apparent, though, that he's implementing the Diode on a single device. Terminal to terminal running on the same device. I'm still not sure, probably a crude schematic would make it easier to visualize (in addition to a description of the use case, which I may have missed in a previous post.)

I'm describing a way to implement the Diode on two separate and electrically isolated devices. The receiver could potentially by also air-gapped with a single unidirectional ingress light (Optocoupler) data line.

If you want to develop this on the same machine, then the separation boundary will have to be logical. You'll need a kernel mode device driver to control the HW. You'll also need to protect access to the device driver. If I were to do that, it would have to be on an open source platform, probably FreeBSD.

You can have a civilian version of cool toys too if anyone is bothered to look hard enough. OpenIO have created a NAS + Amazon S3 on a stick and you take this stick and attach it to your hard disk and it runs web service and acts as network storage.

This is a good basid for an IME since the S3 API and NAS are simply a stripped down and modified Linux OS on the Maxwell ARM chipset.

A little modification to the OS to listen to incoming SATA traffic and then translating it data encryption and decryption could be done since it's mostly software.

How about secure key storage ? Just add in a SIM card slot to use a SIM card as a secure key store. If the crypto operation is more sensitive, you could even request the SIM card to execute the security operations on behalf of the main CPU.

A metallic and ruggardized casing can be architect around the chipset to allow portability of the chipset. If a casing is used, a screen and keypad adapter for password authentication on the IME device can be done and offers more security.

To prevent classifucation of such device as crypto-munitions, the modified OS can be placed on Github and the device contains no OS whatsoever. No SIM card is shipped as well so the device without these security tools will be regarded according to ITAR rules as a regular consumer computing device.

To prevent tampering by inserting custom firmware into the CPU during shipment, the CPU should not have any read/write locking enabled and a clearly published firmware to be expected so that when the chipset arrive, one may dump the CPU's formware to inspect. That's the best that can be done to prevent tampering as much and also not cause it be classified as crypto-munitions. If the ARM TZ were to use for secure boot since the ARM chip mentioned is capable of TZ, it is best not to enable ot as this will also flag it as possible crypto-munitions and prevent export/import.

Happy Holidays to the JTRIG maggots from GCHQ who infest excellent comment boards like this one. You can keep on pushing your agendas and attempting to influence consensus, but there are a lot of bright people on here who can smell that kind of interference and goalpost-moving.

If you work in JTRIG, maybe you believe you're some kind of patriot. No. I think weasel or maggot are much better characterisations.

albert
--The HCPL 7723 is galvanically isolated, think most any optocoupler is (or it's not doing its job). Has a UL rating of 5000 Vrms for 1 min per UL1577: http://u.dianyuan.com/bbs/u/33/1127368368.pdf and 630 Vpeak per IEC/EN/DIN EN 60747-5-5. Sancho and I are using these at USB 5V level lol. Don't even need this level of optocoupler.

No not driving RS232, USB 5V. What control lines are you talking about? We don't need them. There's 3 lines on each side, +5V, GND, and a signal line.

Waeleither through free space or via a light waveguide
--Well make a decision, 1 or the other. TX and RX supplies are isolated in the traditional sense.

Who's got a fiber optic cable on hand? Who can just plug those in their PC w/o an adapter?

I'm not sure what @Figureitout is trying to build
--It's built, it's done, it's not hard and it works. I just need a simple board which I'll probably make. One of the quickest and easiest projects ever, those are the fun ones. I've been wanting a data diode so long so I pushed this up my fifo queue.

Terminal to terminal running on the same device
--What?! No no NO!! It's separate PC's, c'mon now, wtf. I'll make a blogpost about it later w/ pictures, I want to make videos but we'll see. 2 Windows PC's right now (since this is what I want to move files off and on the most, do the most work on windows pc's). Here's a pretty layout of exactly what I'm doing, very pretty and simple: http://imgur.com/a/5Cv19

Transformer for each power supply is already providing isolation, but you can get 2 gas powered generators and go to town. Also can use 2 netbooks running on battery power, one of my test nodes (was TX) was.

Well, you have the adapters already built! Just chop your Optocoupler in half, and use the fiber optic cable as an "extension cord". That's why I would use discrete components. Of course you'll need "shielding" so no one snoops on stray "lost photons" ;)

What?! No no NO!! It's separate PC's, c'mon now, wtf.

Relax, ma man :)

but you can get 2 gas powered generators and go to town.

Meh...

Looked at the description and photo. No ACK, NCK, feedback, etc,.. ok, no chance of abusing sidechannels or control lines -- they don't exist. It's a best effort contraption, a UDP type thingy...

Certainly plenty of opportunities out there with regular devices. I'm talking Type 1, TEMPEST, rugged ones. Clive found old COMSEC gear on eBay once. Past that, it rarely shows up given it's a controlled item (CCI).

@ Figureitout

That octocoupler looks big enough to fit 4+ cores in 28nm SLP on the inside of it with little power draw. Plus a RF device that leaks what's receiving or transmitting along a frequency that interferes with your electrical wiring. It can carry the signal out to the tap on the outside of the building. You're brave telling them you're ordering octocouplers while posting the use case online. They can just subvert any going to your house or dad's company.

Well, all this at least in your threat model. Good luck, though, as mine allows me to put one of those to use once you publish the design files and an EE builds it for me with components I source myself. :)

@ Wael

Coincidentally, another person and I were recently talking about how to apply the octocouplers for eliminating electrical-level attacks between boxes at I/O level. I was of the opinion that there's probably quite a few suppliers of these things, esp those at serial speed. Probably lots of used devices to pull them out of, too. My claim was one could deal with interdiction easily with obfuscation given a large number of suppliers and types of equipment using them that would have no reason to be subverted in a way amendable to remote attack.

I was curious if you thought that supply analysis was true in your embedded experience or did I overestimate how many manufacturers I can get them from? And what commodity, esp cheap, devices have them the most that one could scrap for parts. I assume remote controls with IR are an easy source but don't know their bandwidth. They sucked for just sending simple numbers. A whole conversation might be a stretch.

Note: Imagine computers attached to stripped boards of remote controls that are all aiming at each other. It would look weird. I'd have to tell visitors it was a free energy device so they'd think I was stupid instead of a threat. Maybe start doing that with all INFOSEC projects. ;)

Hi @Figureitout
A optocoulper is a led mixed with a photo transistor in a ic, you are right it supplies electrical isolation, but you can't use cables.
Check mouser.com out for parts that are seprate.
The udp thing is important, it's a statless protrcol.
Maybe a third party inbetween cable could handle the control signals.
Lookup ieee and other source's for a datasheet

@ Nick P
“There's security software available for the types of people who buy these to address that [Intel ME vPro problem].”- Nick P

Interesting. Where do I find this software?

[GD products]

“The ProtecD@R® PC encryptor secures data, imagery, video and other information stored on computer hard drives. The ProtecD@R PC is a single unit that can be installed into a desktop computer, or attached to a laptop to protect information classified Secret and below.”
•NSA certified for Secret and below
•Low cost and easy to use and install
•Configuration, management and recovery via local serial port or ProtecD@R Manager GUI Transparent operation, no host dependencies
•Portable, small 1"H x 4"W x 6.4"D form factor
•Self-generated key unique to each device
•Simplifies transportation of classified data
•Non-CCI simplified handling and transportation
•Compatible with any COTS computer with SATA interface
•Compatible with 3.5- and 5.25-inch storage bays or can stand along and be connected to the laptop eSATA port
•Operating System agnostic
•Field tamper, zeroize and data recovery
•Low latency, transparent to end users
•Quiet, no moving parts increases reliability, decreases maintenance"-GD

“Developed and certified by the US government, the KG-201 is the first mobile media encryptor that protects classified Data at Rest (DAR) at Top Secret (TS/SCI) and below. In the event that a classified laptop, notebook or other mobile computer is lost, stolen or tampered with, its hard drive remains encrypted. Simply remove the KG-201 Cryptographic Ignition Key (CIK) to quickly secure the hard drive and eliminate the need to handle it as a classified device. For added convenience and portability, the KG-201 is able to house your laptop’s hard drive or act as an external hard drive for secure mobile and transportable data storage. It’s also small enough to fit in the palm of your hand and easily connects to any brand of commercial-off-the-shelf (COTS) PC via USB. In the event you need more secure data storage capacity in the future, simply replace the hard drive housed inside your KG-201 with a COTS hard drive of larger capacity.”-GD

The latter looks most promising. What price is it? I would suspect high. And, I notice usb 2.0 on the first item which can be slow on TB drives.

@ JG4

“The silicon sensors in webcams and most other consumer cameras don't work well at wavelengths longer than about 1 micron. There is a new inexpensive FLIR sensor out for cell phones that works at 7 to 14 microns wavelength, where ambient temperature objects like humans and circuits radiate. It's low resolution and being an inexpensive, uncooled sensor, it's a bit noisy, but it will show up the temperature differences that Clive suggests.”-JG4

That is promising. You have hit on what I am looking for – which is after a bug or homing device has been planted – a method to ID it and remove it. Do you have any cameras or even chips to recommend? Thanks.

For “research purporses” is buy and owning such equipment legal under the United States Munitions List (USML).

I took a brief look at the list and it is mostly for export and mostly for potent military weapons up to nuclear weapons. I don’t’ think encryption or night vision items in purchased the States for non-export is considered an export of munitions on that list – but I could be wrong.

It's becoming apparent, though, that he's implementing the Diode on a single device.

Perhaps the most sensible strategy for the early development phases.

Importantly it enables you to develop the low level hardware in a clock independent way. Thus when you try using BER to determine upper baud rate you are measuring what you think you are, and not having clock jitter / drifft / offset issues --you would get using two seperate devices-- contaminate your BER readings.

You would be supprised just how often clock issues muck things up. One way to spot a clock issue is to take a status line out and change it's state every time you get a Bit Error detected. If you display this on an oscilloscope with a quite slow sweep rate you can see the bit error signal produce a regular almost sinusoidal pattern, the frequency of which tells you the relative clock frequency differences if clocking issues are the problem.

Such devices are not sold to anyone not authorized by the US Govt for purchase. Even if it is not configured for CCI usage, it is still beyond the reach of anyone not blessed by the US Govt to own one.

I did mention above on re-purposing a OpenIO board in the post above for a civilian level IME with possible capabilities close to the GOTS stuff except that my description is not TEMPEST rated. It is nice and cool to own a GOTS encryptor but how many could obtain one legally ? The next best option is the open source and open hardware variant I described and even if it is not TEMPEST rated, it is going to give TLAs a hell of a time to handle already which is better than nothing.

re: USML

USML is like a list of "no sharing of toys for my foes" list. Kind of petty and childish at best. Even if the US does enforce ITAR, China and Russia would simply ignore and that's how N.K. and Iran gets it's toys even with ITAR restriction. Only those seeking good favour with BRUSA/5Eyes alliance would bother to enforce ITAR.

CyanogenMod shuttered it's doors and LineageOS (a fork) opened it's gates. Hopefully this could be a chance to clean up the messy Android codebase via a fork and put open source security at it's center which was never the DNA of CyanogenMod nor Google Android.

What the LineageOS devs could do to harden Android:

- Modify the kernel into a micro-hypervisor and run everything above in the userspace (gonna be very tough and will definitely need lots of effort and resources but worthwhile).

- Security as it's main focus.

- Default filesystem encryption without options to shut down encryption and per file encryption (just like Apple).

- Increase integration of external smart cards and secure element in the form of TPMs, smart cards (contactless or contact) MicroSD with SE embedded form factor and so on as one of the authentication, key storage and cryptography options. The current NFC/SIM/Keystore library in the Android library is insufficient.

Although smartphones are not capable of being trusted computing devices and many of us have voiced opinions to move the security critical functions off the smartphone device, every little step to harden the phone would be very useful into making everybody a harder target even if the security levels were only to improve just so slightly.

If I may chime in and help us to get our feet back on the ground again.

So, we should simply use optical fibers? Oh wait, we do have that already. Let's use the fiber connected cloud!

Of course, Nick P is right when he says that that optocoupler chip is large enough to fit a couple of processors on it. But I'm not too worried; for one the chips size is merely a convenience for many users (one could get tiny smd opto-coupler, too, Plus, they are cheap enough to buy some extra to mistrustingly cut them open) and then, a cpu won't do much harm without any pins for itself.

What I would be more worried about is that the opto coupling brings little unless there is a reasoably minimal distance between the two devices. The way it's dicussed here, i.e. with both sides either face to face or else connected through another electrical connection, what's gained, other than some split line connected optically?

I guess the recent article and discussion about the "killer" (high voltage) usb stick might have played a role. And yes, against that the opto-coupling might protect.

But otherwise? Whatever an eavesdropper did to listen in on your signals (electrical side) could still be done. Some micrometers distance in an OC don't change that.

Sometimes it's good to be an old stick. Such, I remember (and still have some equipment, hehe) the glorious old high-tech days with, I think it was called "ired": laptops had some infrared optical spot where one could put some, say printer, which also had that ired feature and one could print without a cable between laptop and printer. Does that ring a bell?

So, how about getting some of those old tech pieces and then add Nick P's and Clive Robinsons "paper, paper, paper!" credo to the mix?

The only thing missing would be some OCR for the other end, for the network connected side.
From what I remember, about the most modern thingy with that ired tech was 486 based notebooks; maybe there are some old pentium, too, for those here who prefer something readily available to just switch on.
For the more hardcore guys one might build something similar for the optical stuff and add it to some old Pentium (no, vpro and other sh*t). throw in, say Oberon, et voilà, there one had the secure side, the station on which confidential material can be encrypted and the output can be printed and good old-style carried or sent or whatever.

Btw, detail: iirc that ired thing was basically just a modestly fast serial device with an optical end added to it rather than some serial connector. So it shouldn't be a problem for programming/OS-

I might note that "don't work well at wavelengths longer than about 1 micron" is secret code for "don't work at all beyond 1.1 microns." There are other detector materials that cover the range from 1 micron to 100 microns and beyond. Mostly expensive, except for the pyroelectric materials.

The problem with all of these things is that there are endless possibilities, but only a finite amount of time (at least for any of us mortals) on the blue marble of unintended consequences. You can get around the low SNR by signal averaging repeated transient heating of the surface.

Digikey have plastic optical fibers. Some of their blue LEDs go well beyond 20 MHz and there are inexpensive 850 nm lasers that go up to 40 Gb/s. I was wondering yesterday if the gallium nitride revolution has produced solar-blind UV photodiodes. It should be possible to get a gallium aluminum nitride alloy optimized to work with the blue LEDs. A green LED will work in a pinch, although I haven't tried to measure the rise time.

A pox on the houses of all the threat assessors who serve the psychopathic narcissists. Plenty of interesting news at NakedCapitalism today.

Murder detectives sought Amazon Echo data:http://www.bbc.com/news/technology-38450658
This part shows CSI new sources of information:
“However, the court papers indicate that the property's smart water meter may have yielded the most useful evidence.The police say it showed that 140 gallons (636 litres) of water was used around the time of the alleged killing. They suggest this was down to Mr Bates using a garden hose to wash away evidence from his porch before he alerted them to the death."

Silent Circle is a gone case that's why I don't bother to do such a thing in the first place. It's Silent OS is closed source so what difference would it be when you can't personally check the source and ensure the requirements I mentioned above are done properly and vetted ?

Not to forget that the US Govt are part of Silent Circle's customer base. I am short of calling it a CIA front though for the fact that it has customers and people in the management from the US Govt/Mil/Intel complex.

I would rather open source projects do their best to put security as their first priority.

You're either brave or rich asking that. It's a low-volume, MILSPEC, TEMPEST, certified, and secure device. You can't afford it lol. You company might. So, here's the price sheets for the disk encryptors and network encryptors. GD's Protect drives are a grand or so cheaper due to SECRET certification. Of course, Thoth already told you the problem: you can't legally buy any of it anyway. They won't sell products that are close to secure to the private sector. Defense-only. General Dynamics might sell you a TVE, though. They protect classified networks by combining Red Hat Linux, VMware, and secret sauce. ;)

@ Thoth

"Hopefully this could be a chance to clean up the messy Android codebase via a fork"

It's not going to happen. Android is so complex Google has a whole, highly-paid team working on it. Changing it for the worst in many ways, too. There would need to be a similarly sized team fighting that. The separation kernel strategy could work but they won't do it. The FOSS people almost always oppose that with Redox team only ones doing it that aren't from academic INFOSEC. Genode being an example that is. If code is in better shape, might be easier for someone to port Android to Genode framework as they'll do that anyway. Get benefits of existing tooling. Put a modified seL4 or Muen at center.

More likely is efforts to add things like grsecurity to Android. Plus replace Google's stuff or the firmware. That's what they should focus on as the tactical stuff appeals to FOSS contributors a lot for some reason. Would reduce attacks vs stock Android. Hell, just a consistent patching mechanism would greatly improve the security of Android.

"Not to forget that the US Govt are part of Silent Circle's customer base."

Don't forget the marketing said Navy SEAL's (at least one) ran it. They know what's good for us because their lives depended on crypto in the field. Trust them to stop the U.S. government from... wait, it's getting deep in here.

@ ab praeceptis

"I guess the recent article and discussion about the "killer" (high voltage) usb stick might have played a role. And yes, against that the opto-coupling might protect."

It was the EMSEC discussions we had years ago combined with my increased understanding of analog. The explanations we were given about the link layer were abstractions (read: bullshit) that don't reflect what it actually does. The fact that it connects to a power source shared by other malicious components that might be looking for power channels was by itself a reason to investigate physical separation. I believe I posted a long time ago not just multiple, embedded computers but with their own batteries. Clive pointed out IR ports (good call :) in those old discussions. Another person built a data diode out of fiber optics. Wael accidentally taught me analog diodes aren't one way but that might not be relevant. Now, people are destroying shit with USB sticks.

Many things added up over time to make me want to use optical transmission on devices that are electrically isolated from one another. I mean *really* isolated rather than pretending to be. Not even on same board & maybe chip filtering/mangling the power connection. I've even considered a chip sitting between CPU and peripherals that just did that. Filter bad incoming, condition signal for ideal use by CPU, apply IO/MMU, and filter/mangle output characteristics to block side channels. Who knows practicality but untrusted chips beg for such crap. Hence, my preference for peripheral chips done with open IP on nodes verifiable by eye. ;)

I've been getting more and more of the above in Chrome under Win.XP lately, in particular when trying to access secure sites from links posted by trusted commentors on this security site - possibly due to the new trend of "let's encrypt" free certificates (?).

In any case, the same sites that Chrome (which uses Windows' built-in crypto stuff) can't access, are perfectly accessible on the same platform, using (even very old) Firefox (that has its own SSL and crypto library), leading me to assert that the error is due to Microsoft's crypto library NOT updated for newish algorithms (ECC?)on XP :=(

Is this a known problem with keeping good ol' uuindows XP, and is there a remedy - like, is there a 3rd party patch for WinXP crypt / or, can one just graft one or more DLL from a newer Windows ?

That was basically what I discovered when skimming Malvino after you referenced my analog studies in a discussion on "diodes." I thought you were implying a connection between properties of analog vs data diodes. I discovered analog ones violate the model. You then explained you were meaning to point out X, failed, and I learned something interesting anyway.

Got ya! I think I meant in the "ideal model" a Diode behaves like a short circuit under forward-bias conditions and as an open circuit under reverse-bias conditions. Zener Diodes are typically reverse-biased... in the real world, things aren't so clean-cut. I think that discussion came about during our C-v-P analogy or "model". Fun fun fun, remember?

The discussion here goes back to @Markus Ottela’s TFC project where a data diode is used to connect a trusted computing base (TCB) to an insecure networking machine (called NH there).
I guess Markus would be glad to discuss that with us but at the moment he can’t.

While “data diode” is an intangible thought model (unidirectional information transmission), @Figureitout is talking about a concrete tangible object consisting effectively of two data diodes in series:

The second is in the one-way optical (de)coupling, which additionally provides galvanic isolation to mitigate side channel attacks on GND and power supply + to prevent damage when connecting two, partly floating, machines, which IMO is the main reason why it must be there.

IC: Make sure always to order at least two ICs and check them before using them, that’s generally a good idea before wasting time with dead bugs!

On the other hand, to fab just one or two would cost them (= the taxpayer) too much, better order 5000+ so they’d have a chance to make a deal with the Chinese manufacturer (oh, they trust them, sure).

To check the optocoupler I gave some hints @Figureitout but I won’t link them here because of @Clive’s warning ;-)
Btw good luck for 4+ cores in @Figureitout’s SO-8 package, and:
When you find one exploding make sure to send the other one to a trusted hardware expert, a 4+ core optocoupler would be worth a mountain :-)

However, regarding the use of the data diode in the TFC project, the data transmission itself is non-toxic:
The coupler will see not more than ciphertext.

So the 4+ core optocoupler could only specialize on GND and supply noise, which would be interesting anyway especially if the supply comes from an USB [1] hub with an attached HD to the same controller chip.

Because only the ciphertext has to be transmitted (which is also on the Internet) and I personally dislike plugging cables, I’m actually thinking about a radio transmission (also a galvanically isolated data diode) between the TCB and the hostile world (NH).

The really dangerous part is the input to the receiving TCB:
It should see ciphertext only, but that input must not be susceptible to exploits …

Re clock rate issues (@Clive), this is truly the main issue with UART transmission above 2 Mbps.
But with USB + multitasking OS we add another component / problem which likely can’t be corrected by FEC, imagine e.g. plugging in a new USB device while transmitting (the OS will be off for a second or more, virtual com port has low priority, FT232 has 128 Byte receive buffer). So it’s not missing bits but missing kBytes.

Btw.:

- [1] An accessible USB port can not be part of any TCB.

- Forget all discrete home-brew optical solutions in case you want (reliably) more than 115,2 kbps, it’s almost impossible without complex IC.

The GD price list for the IMEs have so much bloated stuff like VMware and Win XP ??? They are still on Win XP ...

That's why China and Russia could walk into the US ICs and grab whatever they want without too much trouble and USG simply sits there and complain like a kid with toys taken.

The IME price wouldn't be so high if they simply removed the bloat but marketting as usual prefers to push up the prices by bundlong useless stuff. Why not bundle their Pitbull OS instead of Win XP and VMware ?

Regarding improving Android, I did use the word hope and as we know, hope is as good as nothing. We still have a long way to go not because we haven't the technology but because it's the human factor of the FOSS worship of Linux and it's creator and people still stand it's nonsense very well.

I guess we can also hope that someone or some group completes a usual microkernel. Another use of the word hope :) . Back to Groggybox development and HOPE no one steals the passwords keyed into a keyboard !!! Oh wait ... Ledger devices HOPEFULLY solves it ... maybe ...

Another Google failed to find intended design but led me to one that's similar. 1 microcontroller w/ 128KB of SRAM & analog component = 1.62mm2 on *65nm process*. 1.62mm2 x 4 is less than 18.24mm2. Significantly. Plenty of room for the RF component, esp given I said 28nm. That gives me twice the room for extra goodies like circuits that emulate defective octocouplers by randomly distorting the signal until he throws it away. :)

Of course, it seems you're the only person here that realized it was a joke. I got two different responses elaborating on it. Probably because my satire embeds as much truth as possible for effectiveness. Although a plausible subversion, I thought a chip implant wasting four cores on a job for one would be a dead giveaway. I was wrong. ;)

"The GD price list for the IMEs have so much bloated stuff like VMware and Win XP ??? They are still on Win XP ..."

It's funny shit, ain't it? With most of the devices, they're designed so the cryptographic TCB does its job regardless of the COTS software running. They let something else protect the rest. Cryptochips are a common example. Another was a TEMPEST-certified networking gear that had two, Cisco routers in a forwarding setup with electrical isolation and such. Don't ask lol... They do some wacky stuff.

It gets really ridiculous when they start applying it to things where Windows etc is the TCB. The drone, control PC's that kept getting infected with Windows malware come to mind. Such things lead one to ask even more questions. The answers stop coming at some point. ;)

You may remember @Figureitout getting a little upset when I told him LEDs also acted as photo diodes, and he checked it and found out I was not pulling his leg.

Other people have been known to get upset when I told them they could use an 1N4148 or other cheap high speed signal diode as a variable capacitance (varicap) diode.

Then there's the "When is a transistor not a transistor..." game as well.

Back in the good old days of OC71 germanium transistors, they where in heat sealed glass cases very similar to small Xmass tree lights, only covered in thick black paint. It was known amongst the "old lags" in some design shops that if you scraped the paint off they behaved just like a much more expensive photo transistor, and this was exactly what was done by the manufacturers of cheap photographic "light meters". I actually made my own "opto-couplers" years ago by using cheap LEDs and BC109C transistors with the top of the metal can sawn off, both epoxy glued into a 3/4in length of black plastic tube. Then of course reverse biasing transistors to use as "noise diodes" and other tricks to get some cheap transistors to act as avalanch devices to generate high energy rapid pulses for various purposes (comb generators being one).

Oh and some V-FETs from IRF that were dirt cheap, making very good RF FETS up into HF (IRF610) or VHF (VN66AF) at quite some power.

Wael
--Yeah, it's USB too, every electronic hobbyist *for sure* has multiple cables laying around. They mention shielding in the optocoupler in the datasheet. Ok, I'm calm but either you weren't reading or just trying to make me angry.

Nick P
--Yeah 4 cores in an optocoupler, that's realistic. I'd for sure buy a ton more if I get that much power in a 8 pin chip that emulates an optocoupler well too.

Can take care of RF w/ shields, and other methods, easy. Also getting some w/o my name on it, again easy and impossible for them to track all mail simultaneously, especially from China. If I get one that may be tampered I'll notice it I'm taking it someone w/ a microscope and pictures and may make for a nice blog post. When I was trying to get it to work, I had a short on my pretty interface board w/ 0 ohm resistors so I had to scrap that and solder directly to chip. But when there was a short between pins 3 and 4, when I would plug in TX it would only send one "NUL" char for some reason, I screwed around some more and it stopped. Probing w/ a multimeter caused a bunch of funky chars to get sent too.

And I'm not scared of that either, the use case can be greatly expanded to be even more impossible to compromise when starting from RX side.

Why don't you build it yourself, it's not that hard. I want better application support (linux/bsd support, not knowing exactly how files are being sent in Realterm concerns me a lot, I don't want to install virtual com port drivers if at all possible, want a driverless plug-n-play solution, and I want to be able to send directories or folders of material, being able to apply even a minimal amount of crypto on transfer would be nice). But all that would be a full time job and to polish it up real nice.

Andy
--Look up the tiny datasheet HCPL 7723, I'm not going to argue over that anymore. If you mean by control signals the start/stop bits of a protocol, I don't know. It's being like bit-banged out, and you would see pictures like Sancho_P's scope pic's if we watched the line, ASCII chars being sent.

Clive Robinson
--That'd be fun kind of I think, since this is going to have a high speed.

Sancho_PBtw good luck for 4+ cores in @Figureitout’s SO-8 package
--Haha yeah exactly, would burn right through my desk. It would kill itself lol. I mean, how could I use such a thing, that would be awesome, please backdoor chips if it means we get things like that. :p

RE: radio data diode
--I think it'd be too risky unless you can design a receiver that can in no way be made into a transmitter. Can't have a shield then. I think it would be fun/cool but I see too much impossibilities keeping it safe; maybe each node has a huge authentication string and only checked encrypted/hashed etc. to deal w/ rogue nodes.

Maybe I can sell them a modified Ledger Nano S with my GroggyBox port for 150 Euros (excluding shipping fees and tax) :) . Much more secure with crap like VMWare, Cisco, Win XP since the GroggyBox4Ledger does not rely on the OS of the host PC. Secure input, buttons, processing, KeyMan .. all inside the Ledger Nano S ST31 secure element rated at CC EAL 5+.

How about TEMPEST ? There is no passive shielding but smart cards are known to use Whitebox Crypto. There you have it, active EM shielding via confusion algorithms in the Whitebox crypto. To add to that, the ST31/STM32 combo requires you to code in low level languages (C, ARM ASM) and that means I can create me super duper active obfuscation super secure algorithms to provide active EM cover.

Wow ... a super secure civilian made encryptor better than those made by bloated and fat Defense Contractors who spend most of their time doing crap and wasting their employers cash just to buy some expensive dinner for clients and Govt Officials and then claim it from HR dept.

Oh, the original price for a Ledger Nano S cost 58 Euros (excl. tax and shipping) and would cost about 70++ Euros with the taxes and shipping. I am pretty nice to only charge 150 Euros excluding tax and shipping for something more SECURE than those Def Crapware :D :D :D :D :D .

“I did mention above on re-purposing a OpenIO board in the post above for a civilian level IME with possible capabilities close to the GOTS stuff except that my description is not TEMPEST rated. It is nice and cool to own a GOTS encryptor but how many could obtain one legally ? The next best option is the open source and open hardware variant I described and even if it is not TEMPEST rated, it is going to give TLAs a hell of a time to handle already which is better than nothing.”-Thoth

Yes, an open source variant would probably due. Let me look around.

re: USML
“USML is like a list of "no sharing of toys for my foes" list. Kind of petty and childish at best. Even if the US does enforce ITAR, China and Russia would simply ignore and that's how N.K. and Iran gets it's toys even with ITAR restriction.”-Thoth

I agree it is childish. Yes, if you have the cash you get what ever you need at certain “brokers” . It’s some what like 0-day exploits the market opens to the highest bidder.

“Now introducing Zero Day magazine”
“…we released the inaugural issue of Zero Day, a quarterly digital publication that provides IT security professionals with a broader view of the current state of IT security, vulnerabilities, and cloud security trends.” –alerlogic

“Description: The FLiR Dev Kit includes a breakout as well as a Lepton® longwave infrared (LWIR) imager. With this kit you will be able to bring FLiR’s thermal imaging reliability and power to your Arduino, Raspberry Pi, or any ARM based development tool all in an easy to access breadboard friendly package. All you need to do to get this kit set up, simply attach the Lepton® imager module into the provided breakout, connect the headers, and you will be seeing in full darkness in no time!”-sparkfun

“I might note that "don't work well at wavelengths longer than about 1 micron" is secret code for "don't work at all beyond 1.1 microns." There are other detector materials that cover the range from 1 micron to 100 microns and beyond. Mostly expensive, except for the pyroelectric materials. The problem with all of these things is that there are endless possibilities, but only a finite amount of time (at least for any of us mortals) on the blue marble of unintended consequences. You can get around the low SNR by signal averaging repeated transient heating of the surface. Digikey have plastic optical fibers. Some of their blue LEDs go well beyond 20 MHz and there are inexpensive 850 nm lasers that go up to 40 Gb/s. I was wondering yesterday if the gallium nitride revolution has produced solar-blind UV photodiodes. It should be possible to get a gallium aluminum nitride alloy optimized to work with the blue LEDs. A green LED will work…”- JG4

I thought galium nitride was a Motorola thing that turned out to be a bust.

That is a good point about repeated heating. There eventually is a way to spot spy devices if you are diligent.

That said it is an interesting price list. As you say low volume. One would expect the production runs to be fairly small so the price is high.

@ Thoth and Nick P

“The GD price list for the IMEs have so much bloated stuff like VMware and Win XP ??? They are still on Win XP ... That's why China and Russia could walk into the US ICs and grab whatever they want without too much trouble and USG simply sits there and complain like a kid with toys taken.”-Thoth

“It's funny shit, ain't it? With most of the devices, they're designed so the cryptographic TCB does its job regardless of the COTS software running.”-Nick P

Yes, it is funny but not so funny. It is like the old saw: “Hurry up and wait.”

Rule #1: (unnecessary) complexity is to security what cancer is to organisms. usb is too complex and overloaded.

Also, Nick P has a point. While fpgas and mcus are handy and comfy I personally would rater think about putting a crypto algo into ttl or cmos. Let us not forget that the "cpu" of a pdp 11 actually consisted of some ttl graveyard boards. If that was good enough for a cpu it's also good enough to implement s-boxes and the like. And unlike fpgas it can be understood and inspected by humans.

They mention shielding in the optocoupler in the datasheet. Ok, I'm calm but either you weren't reading or just trying to make me angry.

Niether, actually. I said:

Well, you have the adapters already built! Just chop your Optocoupler in half, and use the fiber optic cable as an "extension cord". That's why I would use discrete components. Of course you'll need "shielding" so no one snoops on stray "lost photons" ;)

I'm referencing a distance separated Optocoupler. That is the context. I wouldn't need to read a data sheet to know that integrated Optocoupler are optically shielded.

@Clive Robinson,

Other people have been known to get upset when I told them they could use an 1N4148 or other cheap high speed signal diode as a variable capacitance (varicap) diode.

I'd like to see the look on their face when you tell them about semiconductors with negative resistance :)

See this link. Has a lengthy question from me fairly early in the piece not dissimilar to your own. And some quality respones from a few folk; particularly @ FigureItOut and @ Ab Praeceptis - you will appreciate.

@ 65535 @ Clive Robinson

@ 64435 you mentioned piecing together shredded documents thus gaining insight into (from memory) key mat production used by the russians via german technical manuals. Clive rightly observed that you could be dining out on such a story for some time.
You reminded me of how the east german ministry of security shredded critical documents relevant to their operations admist the famous storming of their offices, in 1989, shredded documents which were later reassembled using computer software. Any comments on your experiences will be fascinating to us.

Regarding improving Android, I did use the word hope and as we know, hope is as good as nothing.

You may draw some additional inspiration from Jyn Erso's inspiring Rogue One speech: "Rebellions are built on hope. Are you with me ?"

And I get why you don't really trust Silent Circle too much. Then again the fact that they have quite some government and military customers does seem to indicate that their products even in those circles seem to be considered reasonably secure. Whether or not that also means Silent OS has been backdoored at their request remains an open question, although, admittedly, the disappearance of their warrant canary in July this year doesn't exactly bode well and for which reason I changed my mind of purchasing a Blackphone.

Govts purchasing and having an interest in it does not equate to security. Remember the GD encryptor above which I mocked fun of ? Win XP and VMWare as management environment for the encryptor ? That must be a joke with something rated by NSA for Secret level clearance.

Some possibilities for Govt interest:
- Backdoors as usual
- Purchase and given to foreign fighters aligned to US values instead of proper military encryptors
- Operatives that are of lower importance (disposables)
- A campaign by US Govt to show it's secure but in effect is used as a bait

Whatever it is, Silent OS is built off Android and Android is suppose to be Open Source although understandably Android is APL licensed that means derived products and mods can be closed source which is problematic.

from the usual daily news compendium (links below). the first one seems to be on point for Daniela's question and comment about the implications for TOR in the Snowden revelations. It is possible that the Snowden revelations are the single most brilliant imperial mindf@@k ever conceived. I almost remember that I posted the other yesterday. A key excerpt from Daniela's question:

https://www.schneier.com/blog/archives/2016/12/friday_squid_bl_556.html#c6740267
...
Secondly : Recall Ed Snowden referring to the 'Tor Stinks' power point presentation in his release? In which NSA considered Tor 'catastrophic' for decryption/interception?
And Ed also said using encryption + Tor proved secure enough for him to send his data?
Would you say this facts stand as of 2013 but not now? I am going to second guess and say no because things were just as bad back then. What's your take on that - surely Ed is bright enough to understand the real and serious vulnerabilities with Tor in the ways you Fab Four do. But at least was - and as recently as a Tor fundrasing last year - still is cool with TOR.

It wouldn't be a bad idea to catalog the answers, but I am too lazy and dysfunctional. Here's another answer to her question:

Tor and its Discontents: Problems with Tor usage as panaceahttps://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908
Bill B, from the article: “Download and run this and you get a free proxy / VPN; oh, yeah, but you’ll stand out like a f@@king glow stick and you have no good reason to use it except as an evasion tool against state authorities. Good luck explaining that when they ask uncomfortable questions”

in following Daniela's pointer to her question, I stumbled into this (link and excerpt below), which I had seen at the time, but missed some of the import. he's got a nice vision of saving the world and enough money to make a difference. it would be ironic if his databases end up being used to kill off the opposition who would have saved the world. anything can happen at any time on the blue marble of unintended consequences. you can bet your last fiat scrip dollar and every one that you still can borrow on credit cards that your mileage will vary. some time I will regale everyone with the story of my brush with Palantir. it still makes the hair on the back of my neck stand up. they know everything, in principle by consent

Peter Thiel’s Vision • December 9, 2016 6:29 PMhttps://www.schneier.com/blog/archives/2016/12/friday_squid_bl_556.html#c6740198
Peter Thiel, PayPal founder claims to care about individual privacy and freedom. Obviously this is why he invested in Facebook in 2004. He also founded top-secret Palantir who today, has unparalleled access to millions of the the most sensitive personal databases.
Thiel Quotes:
Instead of the United Nations, filled with interminable and inconclusive parliamentary debates that resemble Shakespearean tales told by idiots, we should consider Echelon, the secret coordination of the world's intelligence services, as the decisive path to a truly global pax America," Thiel wrote.
In a world of nuclear weapons, facing the scale of terrorism seen on 9/11 or worse, true liberal thinkers must act forcefully to spread their values and stave off existential risks, Thiel argued. http://www.businessinsider.com/peter-thiel-is-trying-to-save-the-world-2016-12

Weapons of MASS DISTRACTION at work. Looking at the Snowden revelations Russia and the EU should have send the US diplomats at home a long time ago. But they didn't. Nobody got prosecuted for the deliberate hindering of the Bernie Sanders campaign. Let me repeat: nobody!

Now we are seeing a "Snowden revelation" kind of document and somehow it remembers me of the Colin Powell speech, with his aerial photos.

It appears that acting aggressively, but only to the outside, is a US habit. They close ranks. WTF is wrong with the US? (rhetorical question since we all know it's a banana republic)

What they should do instead of making a big show (or worse) is to get their act together and deal with the security of their systems.

Right, the link looks strange but it’s according to my applied filters to chase down the interface ICs to the MAX3120 family, I didn’t remember the type number so I was looking for MAXIM and 3V to 5.5V IrDA.
To reproduce that may be difficult because I started at mouser.es ;-)
[mouser.es and mouser.co.uk are somewhat different, who knows why]
Sorry for making you nervous!

@Figureitout

I don’t know Realterm ‘cause I left Mi$o - world years ago for Mac.
Anyway, a serial terminal isn’t intended to comfortably transfer files.

You don’t have to install virtual com port driver with Linux, it’s already there in the kernel.
Plug in the FT232 board, device /dev/ttyUSB0 will be created.
However, to use it you must add your username to the group “dialout”,
otherwise a serial terminal can’t access it (permissions):
sudo adduser xxx dialout
Then logout / login!
A simple terminal would be GTKTerm https://fedorahosted.org/gtkterm/
Again, not exactly what you want …

Re radio data diode

Well, receiver may transmit and transmitter may receive -
finally the signal is on one data line to the MCU, so it depends on
what your software in your TCB does, read or write from that data line.

When your TCB software is already compromised (e.g. reconfiguring I/O to read from a formerly designated output) then it would be crazy to read from the transmitting circuit (would be hard anyway to reversely use an amplifier / transistor output stage).

Compromised software in the TCB means the game is over!
For a SW - update of the compromised system the compromised system does not need to invert / abuse your transmission HW.
Same goes for sending via the receiver circuit.
Paranoia can destroy ya - take care!

thank you for feedback about SilentCircle blackphone. how funny about the 'SEAL' being an owner/manager (!). Recall they closed down their email component a few years back - perhaps that had something to do with the (cough) acquisition. Your interesting hypothesis @Thoth for reasons why USG may be involved with Blackphone, remind me of UK gov handing out Enigma machines to all its colonies & even USG after the war. What a kind, inclusive gesture- so selfless

@All

OT sorta

Ian Cobain 'The History Thieves' new book about the secrets policies of the UK gov, the last 100 years to present.

is considered the most secretive 'democratic' government there is,
the press is unequivocally banned from reporting anything of substance relating to the government, under the official secrets act.
As recently as the '70's , a postman was charged under the Act with writing a letter to a newspaper complaining about how few counter staff were in the post office.
UK is unique amongst all countries for having been continuously engaged in warfare, somewhere, every year since 1914. Unbelievable just how many skirmishes it started, many against allies - or allied with former enemies. Many wars have never even heard of. the SAS were tasked with finding wars to be involved in as a justification to keep them going. It also officially started the Vietnam war 30 years earlier but no one knew troops were even there

> Are there any consumer surveillance counter measure devices on the market? Can > surveillance counter measure devices be constructed by the average Joe/Jill? If > they can to what extent will they work? Any spy device finder would be of help. > What do you say? This is a real question.

Excellent enquiry. Was it the Mad Hatter whom thought of 6 impossible things before breakfast? Power supply issues used to be a give away but not any more. I've known some whom were sure their C-S included a check for extraneous wi-fi or cellular transmissions & possibly a means to interfere with them phoning home. Anyway just to throw this into the bubbling cauldron. Hopefully I won't be laughed or flamed off of here, but to be thinking hinky I have in all sincerety known people using 'extra sensory perception' for counter surveillance, which quite plainly can be consisdered a more refined awareness or subtle perception available to all of us.
In practical terms it was not so far out : they could stand in the centre of a room and after a few moments of quiet say - "no - no surveillance devices present"
Or - " yes - there's something" - and start walking in the direction and either locate it or say - "it's in this exact location [points to wall or cabinet or whatever] but I can't't see it and thus can't identify it further"

Right you are. I'm somewhat of the "he knows about Russia" guy in my circles and so people came to ask me "Russia will retaliate and throw out half of the us-americans in the Moscow embassy, right?"

Nope. First they will smile because being well educated and people of culture they, of course, recognize how tiny, poor a person must be and in how shitty a position to do something so gross and primitive and evil spirited as what washington did.

Next, they will wait till Jan 21 for the new washington to reinvite them with a "pretty please with sugar on top".

Funnily Putin stated it very clearly a day or two before the washington farting attack happened. In a large convention with his top militaries he explained that today Russia is stronger than any potential aggressor.

I'm having btw an increasingly hard time to tell people over here to *not* hate and detest "the americans" but to limit their feelings to the oligarchs and politsters. I keep telling them that, in fact, the us-american people are suffering even more than we over here in the colonies and vassal states; after all their country is run by those criminals.

Trump will allow for more peace in the world, not because he's a nice guy but because the star spangled nation has overstretched it in pretty every regard and now they have to chose: either they pull back and try to repair their country - which is what Trump has been placed for - or else they will be destroyed. One thing, however, won't happen: they'll not climb back to global power; they are an ex-hegemon and Russia and her allies will make sure it stays that way. Good for the world. I'm also pleased by Trump because I don't hate the us-americans (the people) and unlike many, many people I don't wish for them to be nuked (which would have happened with killary clinton).

... so people came to ask me "Russia will retaliate and throw out half of the us-americans in the Moscow embassy, right?"

Err, isn't that exactly what they just did? The question being what exactly they hope to achieve with this rather pointless muscle flexing. Everyone knows that their respective embassies are filled with spooks and that they will just be replaced by others. These are nothing but the death spasms of a spiteful outgoing president blaming an old foe for an election lost by a compromised candidate that failed to appeal to the people. Not to mention having serious issues with that same foe totally upsetting US foreign policy in the Middle East and reducing its role there to that of an irrelevant bystander.

Trump will allow for more peace in the world

I don't share your optimism. Trump is an impulsive, unpredictable loose canon who's unfit to hold any political office, let alone that of the most powerful person in the world. The only reason he likes Putin is because Putin is the kind of leader he would like to be too. Which doesn't exactly bode well for anyone.

I'm also pleased by Trump because I don't hate the us-americans (the people) and unlike many, many people I don't wish for them to be nuked (which would have happened with killary clinton).

Although I have no beef with the American people itself - quite to the contrary - , one cannot but resent them for having voted into office an utter madman who seems to be incapable of telling anything but lies and absurdities.

Nope. First they will smile because being well educated and people of culture they, of course, recognize...

You forgot the "Moral High Ground" game. Obama has made yet another tactical mistake, and now Putin will do more or less what he has done with Ed Snowden, he will capture the moral high ground in most of the rest of the worlds opinion, for what is in effect the price of a few airline tickets and paid vacation time.

It also gives Donald Trump a nice way to be magnanimous next month, especially as he will try and leverage a little trade etc with it...

I have no idea who has been advising Obama but they have made a realy bad fist of it.

Even the UK is making noises in the Trump direction with what would otherwise be pointless comment on things that have happened in the UN. I suspect there are likely to be sympathetic noises from German Politicos in the Trump / Putin direction fairly soon due to something like 40% of Europeans going to the Vote in 2017.

Well, we seem to strongly disagree on this but I won't deepen the discussion.

@Clive Robinson

It's quite obvious that obama is obsessed with destroying the relations with Russia the worst he can. Frankly, I find that guy just ridiculous. He failed in pretty much everything and now he does something that (to my knowledge) goes against a "holy" washington tradition of not fumbling into the successors playing field. Moreover, what he did was just an empty gesture.

As for the europeans I'm less confident than you. merkel has germany in a rather iron grip and is fully supported by what can't be called media anymore but should rather be called propaganda.

I think we must wait till jan. 20 to gain a a better understanding of how Trump influences things in europe. Many I know hope that he will continue to beat up merkel.

Not meaning to insult anyone but my personal view is that we see again and again bio units like obama or clinton trying to play tough against homo sapiens (Putin) ... and loosing.

That does not surprise me in the slightest... She is after all being blaimed for the influx of refugees in Europe and the attendent economic migrants and if others are to be believed "sleeper terrorists".

Further she has presided over the effective destruction of what were concidered by many Germans and other Europeans as sacrosanct laws to protect both privacy in the home and in communications against the rise again of a Police State. Many of whom also see the black hand of the US signals agencies not just for spying but raining down death and destruction via drone on people in foreign nations from German soil. Thus providing a fertile breeding ground for the disafected and now displaced to become terrorists who "Mummy" is inviting in and turning Germany into yet another ethnic sink hole that is seen on the outskirts of Paris, and in large areas of Belgium.

Thus we have seen a movment to the right of political opinion.

Whilst Mummy may be supported by German MSM it needs to be pointed out that so was Hillary Clinton and it did not do her any good. Thus it might be that such obvious spining by German MSM will count against Mummy with the German electorate.

The simple fact is that many MSM owners can nolonger deliver on their promises to gain political largesse for themselves or rheir friends. Thus they are nolonger "King Makers" or "Power Brokers" in fact some are begining to look like lead kippers, with falling readership and marketing income. Some are singing the MSM "swan song" in expectation that it will become dead, and buried in a timely fashion.

It's something that scares not just politicians but the 1%of the 1% of the 1% elite who try to remain hidden and used the MSM as one of their fronts/shields. Which might also account for the perfect storm various entities have been trying to brew up over the Intetnet and the various "Red under the bed" boggiemen, such that they can try to regain the propaganda initiative, by eliminating those "off mesage" and their associates in various ways.

Indeed. I'm expecting a Trump-like scenario for germany, too. I remember well how the official "polls" showed killary with 98.x chances of winning ... and then, within 3 hours (I followed closely) it turned around.

In other words: The pollsters and media haven't *asked* and shown what people wanted but they rather propgandized and *told* what people should want.

Same thing in germany. Want an example of chuzpah und sheer idiocy? Here you are: One of these days some state controlled german media seriously blabbered about cdu (merkels party) *rising* in acceptance due to the xmas market attack! RISING!

Obviously the truth is just the opposite. More and more even long term loyal merkel voters turn away. The elderly father of one of the victims publicly said "I will *never again* vote for merkel".

The reason for all that dates back about 100 years when people like bernays researched and created "modern PR" (read: brain washing and manipulation). In particular they found that the vast majority of people will chose to go with the mainstream, even if they *know* it's wrong. The modern version of that is polls - which aren't much about getting info from people but rather about *pushing* wanted "info" into their minds. The message of those polls is "See? clinton/merkel/x have the majority behind them! Do you really want to be the lone outsider? If you want to be one of us, you must go with all the others!".

That game does, however, increasingly fail. While most do not yet understand the tavistock mechanism, they are so bloody angry that they would for pretty much anybody who is against clinton, merkel, and the other politsters.

In 2008 Putin visited Ussuri national park with a camera crew to see a trapped tiger when the adjective "trapped" suddenly, and pants-shittingly, no longer applied. Faced with the now-loose predator, Putin scooped up a tranquilizer pistol, dropped the tiger and then,

Learned a new expression today :) I'll add it to my "favorites list", which includes the current top one: "brings tears to a glass eye" :)

Well it depends: the ones in the front of the sub will be lucky; they'll collect left over caviar. The ones in the back of the sub won't be so lucky because they won't taste the "caviar suppository" :-)

It's Friday, I guess! They'll be radio active with a half life of nine months :)

The pain of that experience might be why they're jumping out of the ocean onto beaches.

re Cracked

You should check the site out periodically, esp the photoplasty stuff. Their writers are pretty good on info, perspective pieces, and humor. I recently found out they use a virtual, green room to generate the content from amateurs. Per their statement on Wikipedia:

"Instead, the site functions as a “virtual writer’s room”, where more than 2,500 amateurs pitch articles to which other users provide feedback. According to Former General Manager Oren Katzeff, "Nothing gets on the homepage without heavy editing"; [writers] "pitch the site’s on-staff editorial team, who give out assignments and feedback to writers after an idea is greenlit". O’Brien and five other editors pick and refine the best material. More than 90% of the stories on the top spot of Cracked’s homepage come from the virtual writer’s room."

Kind of a neat concept. They make money off inexperienced writers while improving those writers' skills. Readers get good shit. They also do videos although I usually ignore them. The founder did a nice vid on Uber, though. Probably a must-see for people evaluating these services. Only drawback of the site is it's the single, worst example of JavaScript & heavyweight pages. Viewing it on mobile is horrible with the page jumping around due to all the stuff loading. One, big article knocked my battery on a Galaxy down from 70-80 to around 30. Ridiculous...

"Whilst Mummy Merkel may be supported by German MSM it needs to be pointed out..."

Most of us have witnessed in our lives stories that became news. Either reading about it, or viewing, we are surprised or shocked that the facts were either very poorly reported or deliberately distorted. The truth is that very few MSM stories are trustworthy in whole. Things people throw out on the internet sites like this often less so.

I cannot help but note that that Ms. Merkel has pressured social media to crack down on hate speech. Ein Riech! Ein Volk! Ein Schiessse!

I don't! I voted in a different manner: I put a couple of fruits in an urn and picked one out at random. On the first trial, I picked a rotten apple. Didn't like it. On the second trial I picked up a wrinkled orange. Didn't like it either -- I got spooked. Turned the lights off, picked something and tossed it in the voting box.

Well, we seem to strongly disagree on this but I won't deepen the discussion.

In a rather (at least to me) surprising turn of events, it would now seem that Putin is not going to expel any US diplomats after all, but instead has invited them to a New Year's reception at the Kremlin. I so wish I could have seen Obama's reaction. Putin is totally making him look like a fool.

merkel has germany in a rather iron grip and is fully supported by what can't be called media anymore but should rather be called propaganda.

That's not entirely true. Support for Merkel is slowly fading, and if - like me - you're reading German newspapers like 'Die Welt' on a daily basis, then you do know that they are definitely not supporting her all the way. The main difference with Anglo-Saxon media being that they are not in the habit of openly and personally attacking politicians.

Merkel actually realises that. Only a short while ago she suddenly took a rather remarkable stance against full-veil clothing while also pleading for the removal of hundreds of thousands of people whose asylum had been rejected. The main reason Merkel still enjoys broad support in the population is not because of MSM support but because there currently just is no single other German politician, either in her own coalition or in the opposition, who even remotely inspires the same levels of trust she does.

@ Wael

I'll add it to my "favorites list", which includes the current top one: "brings tears to a glass eye"

Are you already familiar with "Don't let it hit ya where the Good Lord split ya" when showing someone the door? I picked that up from a Texan.

Putin scooped up a tranquilizer pistol, dropped the tiger and then, ...

I wanted to make a comment about what would have happened in the US, then realised that I would derail yet another thread into a gun debate.

OMG! A cross-dresser version of Silvio Berlusconi?! Stop the world. I want off 8-)

@ Clive

Thus providing a fertile breeding ground for the disafected and now displaced to become terrorists who "Mummy" is inviting in and turning Germany into yet another ethnic sink hole that is seen on the outskirts of Paris, and in large areas of Belgium.

It's already happening in several cities in Nordrhein-Westfalen that is refusing to take in any more immigrants from North Africa, and in Berlin districts such as Kreuzberg. I don't know how good your German is, but read for example this here article from Die Welt:

"Berlin is just dangerous. If you don't believe that, take a tube through Kreuzberg", says an undercover agent. "There is a massive problem with very frustrated young foreigners taking out their frustration on other people." „When every day on duty you get insulted and spat at, when foreigners right in front of you swear on the Koran that they will kill you and your family just for pointing out to them that they have to observe common traffic rules, then the level of what is acceptable is totally exceeded", says another one.

A friend of mine who has been living in Berlin for the last twenty years at the Christmas table told me the exact same thing. Despite being a biker with an impressive physique, even he says he's not feeling comfortable in certain neighbourhoods anymore.

It wasn't designed as a polar bear snack, but that's how life is sometimes.

I can see somebody in the Navy purchasing side puting in a requirment that future subs have some kind of polar bear repelant included in the rubber used to make the surface of the rudder etc. And some poor engineer reading it and going WTF...

Such things tend to develop a strange life of their own... Some years ago (back in the 80's) I was reading a tender document for a piece of software to control a system used for the MLRS vehicles. I came across the must be compliant with and the usual bunch of standards numbers, when my eye caught sight of one I had not seen before. So I looked it up and sent a nicely worded letter requesting an Engineering Change Order to the specification. When it crossed a fairly senior persons desk they phoned me and started with the usual "the specs the spec" routine. At which point I stopped them and asked why it was a requirment? And it immediately became clear that they had absolutly not even looked up the standard as they started to flounder. I politely asked them to explain why for a major contract where software was the only delivery item why it had to comply with a standard for sealing washers?...

The noise coming from the other end of the phone was some what inarticulate but never the less interesting in a gargaling sort of way.

What supprised both me and my boss was we got the contract, apparently I was the only person to raise the issue, so in effect had shown we had taken the documentation seriously.

My guess is that at some point somebody just "Cut-n-Pasted" from one document to another without checking what they were doing. I gather something similar was found in the Deep Water Horizon Environmental Impact Assesment long after things had gone pear shaped.

@ Dirk Praet,

For my sins my German is fairly appaling to put it mildly. It was bad enough when having to read technical reports prior to having had my head karata kicked into a metal post one thursday morning on the way to work back in Sept 2000. Since then it's virtually non existant along with a whole bunch of other faculties I once had. I was told back in 2001 it's a "PTSD thing" by neurologists and "It's not PTSD but a physiological issue" by the psychologists... Either way it gave rise to a very depressing time in my life and my IQ --according to the Cattell Culture Fair III A test--whilst now in the low 150's is 10-20 points lower than it once was.

As for the problem in Berlin, we had issues similar to that in the UK frequently in the 1980's different people same 5h1t. In current times you get first generation immigrants with children. The parents tend to work hard and get on, some of the children especially certain young males have a "sense of entitlement" that has no basis in reality. They then get involved with very serious crime but show no sense of self preservation as they "big it up" in various forms of social media, in ways that jurors tend to find rather compelling for the handing down of guilty verdicts. These people then become a serious problem within the prison system and tend to get into even more serious crime on being released. One ex-prison officer I know has indicated that a commonly held view among prison officers is that they are beyond redemption and should be kept totally issolated at all times from the rest of the prison population and prison officers as well where possible on safety grounds.

keep it simple: get two computers, no matter which system,
get a big bunch of writeable cd:s (and perhaps also usb-sticks).

install encryption software on one of the computers and do not ever connect that one to a network.
never update it -not needed when it is not networked.

use the encryption computer as a typewriter, encrypt your messages with it,
transfer the encrypted messages to the networked computer using usb/cd
-do not reuse the usb/cd:s,

write a cd to transfer received encrypted messages from the networked computer to the encryption computer,
-never reuse the cd:s (infact shred them after use, it is good policy to save messages either decrypted or encrypted, but never both).

Acknowledge the fact that everything you do on the networked computer can/will be intercepted.
You cannot Easily hide the fact that you are communicating, neither with whom.
(check Chaum, mix network remailer, for possible help to try hiding)

Look upon the above scheme is a starting point, like picking the low-hanging first.

(hmm, maybe overall security is strengthened by using an external cd-writer on the networked computer, to be attached only when in use? Ideas, Anyone?)

final note: it is simple, meaning there is still plenty of room for paranoid improvements.

One ex-prison officer I know has indicated that a commonly held view among prison officers is that they are beyond redemption

There may be exceptions, but generally speaking, I concur. There is a very persistent group that for whatever reasons cannot or will not integrate, completely reject our societal values and as their numbers grow end up destabilising society as a whole. However much I think we need to do (much) more for those willing and able to integrate, just as much have I grown convinced that some elements - whether it be newcomers or nth generation migrants - simply do not belong here and never will.

Recently, I have been particularly horrified by the story of 6 Syrian and 1 Libyan refugees, all between 15 and 21, who for fun and games saw fit to torch a sleeping, homeless man in a Berlin subway station. If it weren't for the prompt intervention of several bystanders and a conductor who stopped his train, the man would have burned to death. Although I understand that they may have been seriously scarred by all they've seen and gone through, such people are monsters who should be incarcerated and after serving a very stiff sentence removed from our soils never to return again. Whatever international law dictates on the matter.

Who knows, but I would be suspicious of anything that came out of the NYTimes,

@ snur-pele,

hmm, maybe overall security is strengthened by using an external cd-writer on the networked computer, to be attached only when in use? Ideas, Anyone?

We've discussed it before on this blog in the past. The one thing you have to remember is that CDROMs and the like are dificult to destroy effectivly due to both daya density and the way they were designed.

The destruction of CDROMs securely means that you have to destroy the track and the pitting chemical in it in their entirety. Most methods are hazardous to health, and can take considerable effort and time. Likewise memory sticks / thumb drives are very dificult to destroy beyond recovery (which is why they tend to be used in flight data recorders / black boxes these days).

Thus another transfer method is to be prefered, preferably one where it is difficult for covert data to be transfered. One method is to use printers and scanners with easily destroyed beyond recovery printed paper as the actual transfer medium.

OCR software will these days read in printed information fairly reliably. Thus printing out the cipher text in hexadecimal strings pre-appended with an address and ended with a CRC checksum[1] should provide reliable data transfer.

The destruction of the paper is generaly not to difficult as all it needs is an ashtray / metal bin a match and holding the burning page such that it compleatly burns. Paper can also be made more flamable by the use of the likes of soluble nitrates etc. An old method was to make up a solution of Potassium permanganate KMnO4, which is a strong oxidizing agent and paint the paper with it, when dry the paper would once lit remain lit and would burn to a very fine ash, without needing to be held.

A more up market method of transfer is by serial data via a diode, pump or sluice[2] with an instrumented interface. If you search this blog you will find Tin Foil Chat (TFC) being discussed, this has the potential to become rather more than just a data diode segregated system.

[2] Whilst many people know what a data diode is, less appear to know what a data pump or sluice is. In essence a pump is a data diode that also has the ability to only pass certain data types/classifications through. However like a diode a pump has covert time channel issues. A sluice however has a store and forward mechanism which reduces or disrupts the covert time channel to render it ineffectual.

... who should be incarcerated and after serving a very stiff sentence removed from our soils never to return again. Whatever international law dictates on the matter.

There is legal precedent for making people "stateless" and what can happen to them. There is also a process by which a person can renounce their citizenship for various reasons, such as becoming a citizen of a new nation, which does not alow dual nationality. However some nations such as the US refuse to recognize that a citizen has the right to relinquish US citizenship which can and does have implications due to their strange views on taxation and juresdictional limits.

The real problem however is if you have in effect a sociopath or similar who will not cease their criminality, thus can / should not be alowed into society again for the protection of society what do you do with them and at who's expense?

It is a problem that has no real answer that is acceptable to even a majority of people.

WaelI would use discrete components.
--Ok, "would use" implying you're going to build/try it or just arm-chair quarterbacking?

optically shielded
--I think they implied RF shielding, too little details on their datasheet, would have to contact for more info.

Sancho_P
--I know about that for linux, I was pleasantly surprised it had the CH340 usb-serial driver on kali linux so it's just plug-n-play anytime I wanna try something on a knockoff arduino. I would've swore I had VCP drivers for windows for another dev board but maybe I deleted them. For the security use case, this would have to be essentially 2 throwaway PC's so it's not too big a deal I guess.

Realterm is nice b/c it's the only terminal program I know of that can send direct/literal hex values as opposed to ascii-encoded chars. That feature was critical for me to test some contracted out work (MCU was expecting only certain hex values, send it via Hyperterminal or PuTTY and it wouldn't respond). And now it seems to be the only terminal program so far I can get to at least send all contents of a file onto terminal. Kinda pissed "capture file" feature is not working for me but at least I have a working data diode for what I do most work on (windows) now for any file, I mean I'd only seriously use this in the most dire of dire need and maybe hand copy/pasting the contents of another file into a new file isn't so bad otherwise. The program is a little "glitchy/annoying" at times though, just need to know how to use it.

I really wanted this to be supported by some big terminal program to make it easiest to use, PuTTY was what I was really wanting. There's also nothing for me to be compelled to backdoor.

RE: radio data diodereceiver may transmit and transmitter may receive
--Yeah but that's unacceptable for a data diode, for instance it cannot be illuminated remotely by say some CW radar signal and be made to be something it wasn't designed for.

it depends on
what your software in your TCB does
--And we have to mostly assume malware has taken control of device used to transfer info PC's exposed to dangerous networks.

I agree otherwise though, it is crazy assumptions, paranoia can really destroy you (w/ the threats you build up in your head, can actually do more damage being so paranoid you just freeze up) and there's likely some high chance that attacks would not work on it.

I'd just prefer a *strongly* encrypted RF link w/ *strong* authentication of the nodes b/c I think actually making a true one-way RF transmitter is too hard (am I an RF designer?--No I do embedded RF firmware, it may be turn out to be easy...). I know from experience you can remove any software "acks" and TX will never know if RX received anything. My little nRF_Detekt, had chained symmetric crypto but I think some commercial vendors have AES-128-CBC working for data (maybe AES-256-CBC).

PS: one quick question
--Why the 47nF cap on those lines. Datasheet says anything inbetween 0.01uF and 0.1uF (so .047uF is inbetween there which is well within spec). Was it just a "finger in the air" thing or something you found to be best for speed and reliability?

The real problem however is if you have in effect a sociopath or similar who will not cease their criminality, thus can / should not be alowed into society again for the protection of society what do you do with them and at who's expense?

Over here, we have the case of a Chechen radical who in 2010 was preparing an attack in Denmark but ended up blowing up himself. Being a refugee who had acquired the Belgian nationality, authorities tried to revoke that but got turned down by a judge who refused to make him stateless because Russian authorities had declined to cooperate on establishing his original nationality.

Which means that we are actually stuck with this *sshole who now at the expense of the taxpayer needs to be provided for and monitored 24/7 for fear that sooner or later he pulls a similar stunt over here. This guy is a menace to society, should be put on a plane and parachuted out over Grozny for as far as I'm concerned. And no, I don't give a flying f*ck about what happens to him there.

Ok, "would use" implying you're going to build/try it or just arm-chair quarterbacking

Arm-chair quarterbacking: A person who offers advice or an opinion on something in which they have no expertise or involvement.

Would use: if I were to build one, I would go the discrete route. I don't intend to build one.

So my answer is niether; I have no need for such a thing at the moment, and I do have the expertise in this area (both theoretical and industrial.)

The reason I got involved in this discussion is that I see a Data Diode as a component in the C-v-P security model. The Diode by itself cannot provide Integrity, Confidentiality, Authenticity, or Availability (as you correctly alluded to.) It's an old discussion I had with @Nick P and @Clive Robinson where we wanted to see what Castles and Prisons are comprised of. A Data Diode sounds like a building block component.

That is exactly what it is, in that at the end of the day it is signal wise effectivly a "drop in replacment" for a cable with all but two wires cut (Source_tx to Sink_rx and Source_SigGnd to Sink_SigGnd).

What it offers over and above such a cable is "galvanic issolation" which can be very desirable electrical safety wise as it removes issues with "neutral/ground offsets" that can cause equipment failure, fire or death. It also stops the effects of "ground loops".

Also as a secondary effect of the safety the only energy crossing the "galvanic issolation" is photons in a sealed optical transmission line. Which can if designed correctly stops a number of "TEMPEST / EmSec" issues (but by no means all).

As I pointed out a little while ago my chosen method for an actuall product would be the physical layers of TOSLINK as the parts are almost "Standard off the shelf" and widely used for galvanic issolation in the recording industry in studio equipment.

What such a "building block component" does not offer is anything other than physical layer galvanic issolation. That is it does nothing to stop "time based covert channels". These can be stopped by adding a "re-clocker" circuit as an additional "building block component" in the signal path.

In this way you would build your basic optical data diode up into a more complex device such as a Secure Data Pump / Sluice that works through the lower layers of the data comms stack upto the equivalent of the presentation layer providing TEMPEST / EmSec / information security at each layer if designed correctly.

We'll need to enumerate the rest of the components (this is a toughy... at least the "ideal" ones.) A firewall can also be thought of as a manifestation of a general-case Data Diode that operates on the first four layers or layer 7 for a WAF. This optical Data Diode is a physical layer component with the additional characteristics you listed regarding isolation.

Which means that we are actually stuck with this *sshole who now at the expense of the taxpayer needs to be provided for and monitored 24/7 for fear that sooner or later he pulls a similar stunt over here.

Whilst there are many "Cons" to this there are some "Pros" one of which is that you know, where he is and that he is also neutralized.

After all if you deported him you lose control of him. Thus a third party over which you have no control could simply release him (which in effect happened with the French operatives over the bombing of the Green Peace ship in New Zealand). Then they or other third parties could give him a new identity (this has happened in the past, it's also what the French Foreign Legion did/does as standard). Thus alow him to return to your country under a different name as a free person to do whatever he wished at a later date.

Thus you have to weigh the cost of keeping the "individual" in longterm incarceration under your control against the cost of all measures required to keep him out should a third party not keep him under the same level of control in their country.

The financial low cost is rather than deprive him of liberty, is deprive him of life. However whilst that may once have been an acceptable solution it nolonger is. And it's not just the cost of moral high ground you are looking at, potentially you might be looking at making him a martyr. The consequence of which could be that his name is used as a radicalisation flag to produce ten or more terrorists who are compleatly unknown to your authorities and become just more "disposable DNA".

There are other arguments that can be made, one of which is "The Trump Final Solution" of barring entry to entire race/ethnic groups and deporting by force those already in the country. Because the idea is not uniquely Trump's we have an idea of what the cost of such measures will be. For instance in the Trump -v- Mexico just one cost will be the price of building, maintaining and guarding several thousand miles of fence/wall, which would be eue wateringly expensive and as Israel are finding out not very effective.

And before you ask, no I have no soloutions to offer that would not irreparably damage my soul and many of those of any nation that carried out such solutions (something the US is going to have to come to terms with over indiscriminate drone attacks etc of the "Obama / Clinton years").

There seems a simple solution to your problem. Seperate the guy from the rest of the population but in a way where he is only seperated physically. Then tell him to grow his own food and care for himself or die by his own lazyness.

Only financial cost is the seperation of land and some food, cloths, seeds, and possible survival training while he starts off for a few months. Then he is on his own for better or worse. If he is ever seen outside the seperated area, capture and send him back. Kinda like guntonamo bay but instead of guards, the prisoners fend for themselves in their own little 'community'. Although there is that flaw of being a dangerous criminal. Also the problem where not all nations have enough land to effectively seperate people.

Seperate the guy from the rest of the population but in a way where he is only seperated physically. Then tell him to grow his own food and care for himself or die by his own lazyness.

Firstly how do you stop the martyr rescue issue where by a third party sends in slightly more intelligent DNA than that which is disposable?

Secondly how do you stop the guy making gun powder and weapons, how to make them is not exactly a secret nor particularly difficult.

Whilst secret detention centers do exist and people do get "disappeared" into them, often the secret is difficult to maintain for various reasons.

For instance it has been rumoured for some time that the US has Ultra Secure "Special Administrative Measures" Issolation Centers much worse than the alledged most secure US prison ADX Florence in Fremont Country, Colorado. Such places where people effectivly become "disappeared" and effectively compleatly issolated in a Panopticon Cell, with as close to zero human contact as is possible, where punishments are compleatly arbitary and involve total control of the prisoners environment. It's been further said that atleast one such Federal unit is built entirely underground.

I can not say if it is true or not but we know about special Super Max facilities like an ADX in Colorado from UN Special Rapporteur on Torture reports on it which Amnesty International has published details on,

We also know it has become clear that some US police forces have run illegal detention and interrogation facilities such as one run by Chicargo's PD under a mayor who was once a close associate of President Obama,

So it is very difficult to believe any US Gov statements that an "underground disappeared" facility either does not exist nor was designed and constructed. If such a place does exist or was planned then it's likely that at some point tangible information will leak out.

Because we also know that other supposadly civilised countries like Israel have "disappeared" facilities and prisoners without real names, because the information has leaked out,

So if it is hard to maintain secrecy then reprisals etc by third parties become a real issue.

There are many reports on just how inventive prisoners can become, and atleast one early Super-Max in Texas has had an escape. More modern Super-Max designs are aimed at providing the prisoners with as close to zero information about where there cell is within the facility thus reducing their chance at escape. The downside is the cost of such establishments not just financialy but in societal terms as well. You thus have to consider the aspect of unnatural deaths. Did a prisoner commit suicide or were they coerced / neglected / tortured / murdered. Thus the main imperative is to keep the body alive, as is known with Gitmo, this can and has involved barbaric practices worse than recognised forms of torture to force feed inmates. In at least five known cases what is gratuitous sexual assult has been carried out on detainiees that has no factual medical basis,

Wael
--I'll probably make one discrete someday, maybe when I can verify for myself an actual attack on the IC based one, not around, directly on it.

Yeah it could provide all of those if the features were added and you left transfer computers on.

Clive RobinsonThat is it does nothing to stop "time based covert channels"
--As in data being sent out of TX by delays in time? Adding another independently clocked node would complicate things, and I wouldn't really care that much so long as my encrypted and zipped file got thru. I could clean that machine as much as possible and fill it w/ a bunch of crap info, the worst I can think of is identifying info sent to RX. I could just use another separate memory stick and transfer to yet another networked PC (so we're talking 4 computers now, original creation of file on 1, TX & RX for 2, and then another separate 1 for Network). That data would have to be transferred to memory stick then.

Also your TOSLINK thing, if you provided enough info to build, we could evaluate it, but as usual you don't and expect others to figure things out themselves. So it'll probably remain so little talked about thing on a blog, not something tangible. I'm on a small break now so I can do some things, but soon will have basically no time for side projects. The only places those parts are "standard off the shelf" is becoming less and less electronics stores (sadly).

A quick read of it should be enough to give a reasonable engineer most of the information required to get a prototype up and running. That they can then use to develop their own code and hardware to be compatible with.

There is also the old "You can give a man a fish, and he will feed his family for a day, teach him to fish and he will feed his family every day" argument. Yes I could give you a fish, but then you become dependent on hand outs, if however I tell you what makes good tackle, you can then make your own choices peculiar to your own needs, not mine or somebody elses.

I gave reasons as to why I thought the use of TOSLINK would be a good idea as a general product that would have a market in other areas thus provide security cover. You chose to say you were doing stuff for your use only and had no interest. So you are now changing your tune and blaiming me for not providing information you had already said you had no interest in...

The US supposadly holds it's self as the moral guardian of the world, does this sort of behaviour sound moral in a civilized society?

Guantamo, secret detention centres and entombed supermax facilities like the ones you describe are abominations and for all practical purposes worse than death. They are the definition of cruel and unusual punishment, compared to which even capital punishment sounds more humane.

While every nation has to decide for itself how to deal with those citizens considered unfit for futher participation in regular society - and preferably adhering to international law and other conventions governing the matter -, there is a bit of an awkward issue when certain nations in practice start making them someone else's problem, as in the case of our Chechen friend here.

This is currently a huge problem all over Western Europe in that particularly (North) African countries refuse to take back convicted fellons, illegal aliens or rejected asylum seekers, whose presence then becomes "tolerated" but in effect have no perspectives on a job or even remotely regular life in the concerned host countries. Thus is the main reason this group is massively over-represented in crime statistics all over Europe, and a prime target for Daesh recruiters.

The only Western European country that currently systematically deports such people, and by any means necessary, is Italy. Even suspicion of radicalisation is sufficient ground for being booted out of the country immediately. For immigrants that have already acquired the Italian nationality, the same measures are used as those in the fight against organised crime: freedom of movement restrictions, travel bans, suspension of ID documents and regular check-ins at the local police station. It's an approach that so far has proven very effective.

It's also what the French Foreign Legion did/does as standard

Not anymore. I know quite some former legionnaires and I can assure you that the background of all applicants is thoroughly vetted. If you're on a wanted list anywhere or have too impressive a rap sheet, your next visit to the recruitment center leads you not to a training facility on Corsica but directly to a holding cell.

Clive Robinson
--Yeah so engineers can build it, but everyone else can go eat cake? Just saying how it appears, I'm learning how to fish more than ever slogging my way thru engineering school aka hell. Any project w/ you is just look for something (maybe not even worthwhile) to add on to take time then comment "design correctly" or even better "done properly". Waste of time really since you never say what that is, just a ego boost which you think you wouldn't need as you get older but still do I guess. Main thing I learned here was opsec, crypto design isn't discussed here much anymore. Yeah I looked at some of their prototypes...let's just say the attack surface goes up by like 3-4X. The TOSLINK serializer prototype uses 1 FPGA and 2 fiber optic modules, then to plug that into PC's of today, need a TOSLINK->USB converter. Definitely not "discrete" and not simpler. Huge attack surface expansion.

Next one was TOSLINK UART, needs 2 microchip MCU's, 4X optical transceivers, fiber optic cables, then a CPLD (COMPLEX programmable logic device) and if you want to plug into your PC another 2X optical-USB chips. So you need a windows PC and massive proprietary toolchains that make MCU IDE's look lean to program the data diode.

Sancho's design needs 2 FT232 chips and an optocoupler, but that portion can be made discretely. Any chip that can do USB->Serial would work, so you could make your own firmware and try to lock it in place w/ jumpers on programming pins. That's the attack surface, USB-serial converters is not a "omg spy!" component, and an optocoupler again isn't, they're used all over industry.

Well, there's the engineer in you! Nice tear-down of the various solutions presented.

@ All

One thing many people interested in verifying their code, esp reproducible builds crowd, need is an understanding of x86 to make sure compiler output is sensible. The x86 architecture is ridiculously complex with books on it reflecting that. However, most compiles of applications use a tiny, 32-bit subset of it with the C calling convention. This guide teaches some of that subset first in a clear way that might help people get a nice start on the topic: x86 guide.

On the topic of gotos, the main use people say is justified is error handling when you have nested loops. The problem is it can mess up static analysis and compiler optimizations. This comment on Hacker News illustrates a way to use wrappers to get cleaner error handling than breaks but without goto's. Still can be analyzed fully by traditional techniques.

For those interested in OS development, I found a free, detailed reference that does stuff step-by-step with example code: Little book of OS development. Should be used in addition to other works on the topic since no single resource covers it all.

Finally, twostories about women doing interesting things in tech. One gets broadband started in her spare time as a farmer despite the local, monopoly's bullshit. The other is forced into secretarial position by people who see no worth in her pursuing programming. Then, just out of boredom & curiosity, she keeps building her skills within the starting position & adding accomplishments until eventually landing quite the job as a programmer. I figure some inspirational stories of people kicking ass in ways worth duplicating are a nice finish. :)

That is the way of the world with computer security solutions, I thought you knew that.

Software engineers do not build PC's and most makers don't make MCU systems from chips, they buy them from someone who manufactures the boards just as they do for the Adrino and Raspberry Pi systems shields. Look at HackAday projects, most are based on hardware solutions you can buy. Which was why I was talking about manufacturing for others to use.

As for the various TOSLINK devices that the article links to, yes they use an FPGA or MCU, however they are "mature" products with PCBs and other "construction kit" instructions.

In the case of the FPGA the VHDL code is there, which based on what you have said in the past, you should be able to back convert into a logic diagram to work out how the Manchester encode / decode works.

If you want to go down your own MCU route you can search for "bit banging" Manchester encoder / decoder in software, there are even versions in C.

To do Manchester encoding you just take a clock at twice the baud rate and multiply it by the serial data. Decoding is slightly harder, you need to frequency lock an oscillator to the incoming data edge and then divide down to clock the data in a bit at a time. You can see this by looking at,

But if you can write "bit bang" serial data code most of it will be directly applicable to Manchester encoding decoding, it just needs a few tiny tweaks. This has been known for decades, as Manchester encoding was one way to store computer programs on cassette tape for the early 8bit home computers.

I know for a fact you can use a PIC DIL MCU to do Manchester encoding and decoding to serial data in software --I've done it years ago-- and MicroChip have Manchester code you can download. A slightly bigger PIC will not just Manchester code/decode it will also data rate transcode for the serial data rate.

Then it's just a matter of wiring up on strip board for low data rate experiments.

In all honesty, it's something I would expect a first or second year electronics / comp sci undergraduate to do as a weekend assignment using a simple PIC programming PCB and the MicroChip IDE... You don't even need an oscilloscope to get the code functional.

And you could for experimentation just hardwire or use dirt cheap Opto Couplers to get it working then build a strip board using the TOSLINK optics, prior to drafting up a PCB layout for single sided photo etch board.

I really think you are making a mountain out of a molehill on this one.

[“receiver may transmit and transmitter may receive”] (Sancho)”--Yeah but that's unacceptable for a data diode, …”

Stop it here: The transmission (component/device) is not the data diode.
The diode is (in) the TCB. It is not a (necessarily physical) component.
The galvanic isolation is a component.
A “building block component” sounds a bit strange in my ears.

[“it depends on what your software in your TCB does”] (Sancho)”--And we have to mostly assume malware has taken control of device used to transfer info PC's exposed to dangerous networks.”

Stop it here: TCB means “Trusted Computing Base”.
Trusted means that we trust that device(s), in contrast to networking COTS computers.
We do not assume malware has taken control of it - it would be game over.

For an open source HW and SW design it is extremely difficult (nearly impossible!) to act as TCB.
One prerequisite is that the aggressor has no undetected physical access to the TCB’s hardware.

“Crazy assumptions” are often not crazy, so I’d never trash them immediately.
But if you assume the TCB is p0wned
plus
the intruder would ignore the TCB’s sender module and instead try to (ab)use the receiver’s circuit to send,
this borders on craziness, caused probably by acute paranoia.

However, as a consequence of such a “crazy idea” we should think about if and how it would be possible to make the receiving circuit to act as a sender, and how we could stop that.

BUT:
Why encrypt an encrypted data stream intended for the Internet?
To confuse the adversary - or yourself?

There is no specific reason for the 47nF but the physical size + inductivity is a bit smaller than 100nF. As this is a decoupling for the very heavy power spikes (about 12mA square wave up to 50MHz) I would not go for the minimum value.

@Sacho,p at 50mhz and 100nf, is .03ohms at 5 volt is 157amp, that size capacitor would be a low frequency decoupling, it would be best to have 1nf 10 nf and 100 nf in parallel, being the goal is to stop stray 1uV voltages affecting to me that very high speed optocoulpe.

Sorry to add, the 10 ns delay would be the pulse then steady state dc, with the clock about 100khz, near there limit.
The fast rise would be for driving mosfet, with high voltage or current, we're you want parallel fet to turn on and off close together. Above at 157 it would be a short for pwm signals, and not work.

”There is some parasitic inductance to capacitors, but you don't need to worry about it here...”

Interesting statement, but I doubt it. Do you have more info?

However, @Andy has a point with multiple capacitors, only that it is not required / recommended by Avago for their optocoupler.
They mandate just one single, through-hole cap and demand the total length of the decoupling loop must not exceed 2 cm.
With the recommendation of a through-hole cap it’s obvious that the coupler isn’t that sensitive.

Decoupling at the (power consuming) IC: When using through-hole caps the total inductance (IC, traces, cap) and the loop area are so bad that it’s not worth to think about placing two or even more caps.

At a power source / regulator the situation is different, two caps (different size and type) are often required at the voltage regulator input and at the output for stable results.

Where is parasitic inductance used in this formula? It's not because it assumes an "ideal" capacitor with zero parasitic inductance and zero parasitic resistance. Resistance is a real quantity, impedance is a complex one, btw.

Real world components are not "ideal. So a capacitor will have additional "parasitic" (undesirable) inductance and resistance. When you are dealing with analog high frequency circuits, then parasitic inductance will become more significant, and will need to be accounted for.

In your case, the manufacturer has recommended a certain range of capacitance values, the additional parasitic inductance are insignificant as you can surmise from the large range they recommended for the capacitor ;) The effect of additional parasitic elements is to reduce the reactance, and in your case here, it's not significant. If you're dealing with an RF amplifier say in the 400MHz + range, then these parasitic elements become significant. At higher frequencies, even a kink in a wire or a small anomaly in the board trace becomes a significant factor that may cause your device to fail (an amplifier becomes an oscillator, etc...) This is not the case here.

You'll find much more information when you search for capacitor parasitic inductance. Look at capacitor models and the effect of parasitic elements of reactance.

They mandate just one single, through-hole cap and demand the total length of the decoupling loop must not exceed 2 cm.

You probably need to head their advice. Adding more capacitors will cause other potential complications, including increasing parasitic inductance (and so do longer decoupling loops.) When you add multiple capacitors, you may end up with a resonant circuit, a filter, or other things...

I hate it when this happens. Long responses are more error prone. The short answer should have been something like this:

The manufacturer is aware of capacitor non-idealism (not sure the word is proper) and took that into account when they made the range recommendation and the loop length restrictions. As such, you don't have to worry about parasitic elements so long as you adhere to the recommended values and constraints.

Now the corrections...

It's because it assumes an "ideal" capacitor with zero parasitic inductance...

Look at capacitor models and the effect of parasitic elements on reactance.

Clive Robinson
--They generally don't build but they definitely offer input to and influence hardware designs. I want to do firmware mostly/only so I'm completely fine w/ that; I'm not fine w/ bad hardware designs that cause errors that are then "problems to be fixed in software".

Being a "mature" product means time for attackers to probe and develop attacks too, and I know you do that too so I take your recommendations w/ a huge grain of salt, not walking into your traps.

I've got other projects I'd rather do too. Just got 7 knockoff arduino nanos I can definitely put to work doing something, want to try hacking those clickers we were forced to buy for school, can repurpose my nrf proto's for that. Something w/ my yardstick one too, got rfcat working, it's pretty fun to mess w/. Want to finish off a silabs project, another RF one, simple one. And work projects, of course, those are fun but there's tough features that are hard to do.

Sancho_PThe transmission is not the data diode
--Yeah but malware on network connected RX may want at it. I only really trust small MCU's w/ code I can follow and boards I can look at w/ a scope and multimeter handy, not x86 pc's w/ windows (which I need for my purposes now).

We do not assume malware has taken control of it
--I make a lot of worst case assumptions, if transfer still works and file hasn't been corrupted, I'm fine for most part, just dedicate usb sticks to that purpose and don't go plugging them in bunch of places.

caused probably by acute paranoia.
--Caused by observations of strongly suspected malware. It would likely work on the systems of most paranoid of paranoids here, and trigger some bad anxiety probably. I've got a multitude of evidence from a few different types (USB malware that spreads to any pc I plug a particular usb stick in, creator didn't check it what it does on openbsd lol :p, malware that may have remotely disabled a sata controller, meaning no regular harddrives would work on it (can't tell if just sh*tty hardware or was an attack, would be extensive project trying to check that further), malicious microcode updates, some realtek audio controller attacks disabling my sound cards, some priv-esc attacks that get "system" on windows and root on stock linux systems after connecting to internet, multiple remote shutdowns on internet connected computers, but no smoking guns besides some sh*tty adwares and some click-jacking malware I could remove etc. Just strong suspicions and odd timing.

Let me put it this way, if I saw a "radio data diode" on market first thing I'd mutter is "bullsh*t"...there would need to be very nice docs w/ other research to backup and examine the design etc. And encryption is to confuse adversary that can sniff traffic remotely, again I know paranoid but would be a nice feature to have.

All physical components are "non ideal" and have resistance as well as capacitive and inductive impedence. Worse the also have coupling effects as well, all befor you get into their nonlinear behaviour.

Note that they have both capacitive and inductive impedence as well as resistance. Which means they are also "damped resonant circuits" as well with both series and parallel resonance and just for fun will have changes in effective reactancr with frequency so a capacitor will look at some frequencies to actually be an inductance...

One easy way to work out the parasitic values is with a Q-Bridge or Vector analyser / S-Parameter test set if you are more wealthy.

Often what look like "RF Caps" will be found to have very low resonant frequencies, especially when in circuit. You can with a little skill and a Grid Dip Oscillator find resonant peaks or dips in the tens of MHz. Which can be at quite a significantly lower frequency to what you would expect from a quick calculation.

Oh and for those reading along, when using multiple capacitors for decoupling, it's usually best to put not the lowest value or physically smallest cap next to the device being decoupled, but the one with the highest self resonant frequency... This is because different capacitor manufacturing methods have significantly different parasitic values. The problem of course is knowing in advance which cap is going to have the highest self resonant frequency...

Oh and remember those three terminal voltage regulators you oh so commonly see, they can make realy good power oscillators / jammers, giving a couple of very unclean watts of power at 50MHz. Likewise some of those audio power amps, can wipe out from the long wave band through medium wave and up into the low HF marine band, whilst still giving you "high fidelity".

I'm not fine w/ bad hardware designs that cause errors that are then "problems to be fixed in software".

That's another bitter pill you have to swallow these days. Managment see hardware engineering time as ten to twenty times more expensive than software. So much hardware design is "manufactures recomended circuit and layout" running linked in binary blobs.

And the reason for this sorry state of affairs is the fact that few software people even know what an engineering process is these days. As you've probably noticed there is a lot of "Cut-n-Paste from the Web then guess" software development these days. You can after all hide many many sins in a binary, that somebody else has to maintain because the programmer knows when to "Cut-n-Run" to stay ahead of the game...

It's why IoT is "pre-destined" to be not just a compleate security nightmare but also unreliable to the point it will crash a lot and sometimes burn your house down, in just the same way some cars brakes and mobile phones do currently.

With regards,

... want to try hacking those clickers we were forced to buy for school...

I think I missed the story behind that.

In the UK there was an initiative to give every child in a particular school year their own BBC micro PCB. Only a lot of schools decided to keep them as a general resource for the school. Thus the whole point behind the initiative that kids would play with them in their own time went straight out the window. Now they get told "You have twenty minutes to type in the following program and then hand the PCB back in...". So computing by writting your times tables, we all know how much fun there is in that...

Clive Robinson
--Yeah that's why I can't wait to get my skills up to point I don't need to deal w/ any of that bs and can take on just about any project (within reason) by myself or a small team. Oh there's a ton of cut-n-paste and tweaking and brittle designs (I'm dealing w/ it now, I want a tiny hardware change b/c I've got the damn brittle code (that I've cleaned up considerably so future people could follow) functional w/ the tiniest change but that costs $$$, and I need to do one more big feature but they need to specify how they want it done. At a big company this wouldn't even be a question, just make the tiny change; such a pain in the ass to do otherwise though), also in hardware designs, I mean c'mon act like it doesn't exist there too. Uh huh each chip we have, you start sharpening your pencil and redesign each chip from scratch on grid paper, bullsh*t it's not the real world. We learn baseline designs in textbooks and "new" designs are just spinoffs and extensions of those fundamentals. It's not a lot of new things, it's super risky, and lots of testing time if you do that. If you want a deliverable w/ a ton of testing behind it in the minimal amount of time you're given in cut-throat market, you use chunks that are battle-tested. The "new" parts are in-between those big chunks, and if those parts fail huge chunks of a design fail.

IoT may be destined for failure b/c a lot of people have these expectations that new hardware needs to have features that are mind-blowing instead of delivering a solid thing that's simple to use and useful (what I want, like what was default included in WinXP (hyperterminal for one, super useful program), in Win10 I got stupid graphics annoying me on start menu and useful programs aren't default included). Same thing w/ linux, some of the distros just go the "graphic" route and get rid of a ton of useful programs (kali) and abandon older versions so I can't even apt-get anymore, have to wget. That's why our tech isn't as solid and useful, we have vocal minority people demanding we spend more time on stupid "flashy" sh*t features instead of reliable useful ones and supporting the (to them) boring but reliable features. Plus reliability uses a lot of resources so end consumer will have to pay for it.

RE: bbc micro
--Bleh that's a shame. My computer classes sucked at school, everyone always looked for ways just to play games. Just buy a knockoff arduino, it's like $2-$5 and a ton of software to get them going on any little kiddy project.